Most ransomware attacks take place during the night or over the weekend

Given the number of companies that will be opening RDP up as part of their COVID-19 response, I’d expect a rise in these kinds of attacks just when IT teams are understaffed and overstretched. Invest in systems to detect lateral movement before it becomes a full-blown attack:

[…] In the cases FireEye investigated the most common infection vectors were:

  • Brute-force attacks against workstations with RDP (Remote Desktop Protocol) ports open on the internet
  • Spear-phishing against a company’s employees and using one infected host to spread to others
  • Drive-by downloads (employees visiting a compromised website and downloading malware-infected files).

Just like Microsoft in its report last week, FireEye is now urging companies to invest in deploying detection rules for spotting attackers during their pre-infection “dwell time.”

“If network defenders can detect and remediate the initial compromise quickly, it is possible to avoid the significant damage and cost of a ransomware infection,” FireEye said.

Original article here
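An added example (not from the original article or from FireEye) of the kind of detection rule the quoted advice points to: it flags a successful RDP logon that follows a burst of failed logons from the same source, and marks whether it happened at night or over a weekend. The event tuples, thresholds and business hours are assumptions; 4625 and 4624 are the Windows Security log event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs:
# (timestamp, event_id, logon_type, source_ip, account)
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon, which is
# what failed RDP attempts typically show when NLA is enabled (assumption).
SAMPLE_EVENTS = [
    *[(f"2020-03-21T02:10:{s:02d}", 4625, 3, "203.0.113.7", "admin")
      for s in range(0, 60, 10)],                      # six failures, Saturday 02:10
    ("2020-03-21T02:11:30", 4624, 10, "203.0.113.7", "admin"),
    ("2020-03-24T09:15:00", 4625, 3, "198.51.100.20", "jsmith"),   # one typo
    ("2020-03-24T09:15:20", 4624, 10, "198.51.100.20", "jsmith"),
]

WINDOW = timedelta(minutes=10)   # assumed look-back window for failures
THRESHOLD = 5                    # assumed failure count that makes a success suspicious
WORK_START, WORK_END = 8, 18     # assumed business hours, local time


def off_hours(ts):
    """True on Saturday/Sunday or outside the assumed business hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for RDP successes preceded by >= threshold recent failures."""
    failures = defaultdict(deque)    # source_ip -> timestamps of recent failures
    alerts = []
    for raw_ts, event_id, logon_type, src, account in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        recent = failures[src]
        while recent and ts - recent[0] > window:     # expire old failures
            recent.popleft()
        if event_id == 4625 and logon_type in (3, 10):
            recent.append(ts)
        elif event_id == 4624 and logon_type == 10 and len(recent) >= threshold:
            alerts.append({"time": raw_ts, "source": src, "account": account,
                           "failures": len(recent), "off_hours": off_hours(ts)})
            recent.clear()           # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Alerts with `off_hours` set are the ones to route to on-call staff, since they land when nobody is watching the console.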