Given the number of companies that will be opening RDP up as part of their COVID-19 response, I’d expect a rise in these kinds of attacks just when IT teams are understaffed and overstretched. Invest in systems to detect lateral movement before it becomes a full-blown attack:
[…] In the cases FireEye investigated the most common infection vectors were:
- Brute-force attacks against workstations with RDP (Remote Desktop Protocol) ports open on the internet
- Spear-phishing against a company’s employees and using one infected host to spread to others
- Drive-by downloads (employees visiting a compromised website and downloading malware-infected files).
Just like Microsoft in its report last week, FireEye is now urging companies to invest in deploying detection rules for spotting attackers during their pre-infection “dwell time.”
“If network defenders can detect and remediate the initial compromise quickly, it is possible to avoid the significant damage and cost of a ransomware infection,” FireEye said.
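The first infection vector in the list above, RDP brute force, is also the one with the clearest "dwell time" signal: a burst of failed RemoteInteractive logons from one source, sometimes followed by a success from that same source. The script below is an added example of that detection logic, not code from the post or from FireEye. It runs over a handful of constructed log lines written in a simplified key=value rendering of Windows Security events (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP); the line format, the five-failures-in-five-minutes threshold and the alert names are all assumptions chosen for the example.

```python
"""Added example: flag RDP brute-force bursts, and escalate when the same source
then logs on successfully. Not from the original post or FireEye's report;
the log line shape and thresholds below are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real Windows output) in a simplified
# key=value rendering of Security log events. EventID 4625 = failed logon,
# 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2020-03-20T02:14:01Z host=WS01 EventID=4625 LogonType=10 User=administrator SrcIP=203.0.113.7
2020-03-20T02:14:03Z host=WS01 EventID=4625 LogonType=10 User=admin SrcIP=203.0.113.7
2020-03-20T02:14:05Z host=WS01 EventID=4625 LogonType=10 User=backup SrcIP=203.0.113.7
2020-03-20T02:14:08Z host=WS01 EventID=4625 LogonType=10 User=sqladmin SrcIP=203.0.113.7
2020-03-20T02:14:11Z host=WS01 EventID=4625 LogonType=10 User=helpdesk SrcIP=203.0.113.7
2020-03-20T02:14:40Z host=WS01 EventID=4624 LogonType=10 User=helpdesk SrcIP=203.0.113.7
2020-03-20T02:30:00Z host=WS02 EventID=4625 LogonType=10 User=jsmith SrcIP=198.51.100.22
2020-03-20T02:31:00Z host=WS02 EventID=4624 LogonType=10 User=jsmith SrcIP=198.51.100.22
2020-03-20T03:00:00Z host=WS03 EventID=4625 LogonType=2 User=jdoe SrcIP=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"LogonType=(?P<ltype>\d+) User=(?P<user>\S+) SrcIP=(?P<src>\S+)$"
)

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_events(text):
    """Parse log lines into dicts, skipping any line that does not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["eid"] = int(e["eid"])
        e["ltype"] = int(e["ltype"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alerts.

    'rdp_bruteforce'         : >= threshold failed RDP logons from one source
                               within `window` (assumed threshold/window).
    'rdp_bruteforce_success' : a successful RDP logon from a source that was
                               flagged within the last `window` (the case that
                               most deserves an immediate response).
    """
    recent_failures = defaultdict(deque)  # src -> timestamps of recent 4625s
    flagged_at = {}                       # src -> time the threshold was crossed
    alerts = []
    for e in events:
        if e["ltype"] != RDP_LOGON_TYPE:
            continue  # only RDP logons matter for this rule
        src = e["src"]
        if e["eid"] == FAILED_LOGON:
            q = recent_failures[src]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:
                q.popleft()  # slide the window forward
            if len(q) >= threshold and src not in flagged_at:
                flagged_at[src] = e["ts"]
                alerts.append({"kind": "rdp_bruteforce", "src": src,
                               "host": e["host"], "failures": len(q),
                               "at": e["ts"]})
        elif e["eid"] == SUCCESS_LOGON:
            if src in flagged_at and e["ts"] - flagged_at[src] <= window:
                alerts.append({"kind": "rdp_bruteforce_success", "src": src,
                               "host": e["host"], "user": e["user"],
                               "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(a)
```

On the sample input the single legitimate user who mistypes a password once (198.51.100.22) produces no alert, the console logon on WS03 is ignored because its logon type is not RDP, and 203.0.113.7 produces two alerts: the brute-force burst and, 29 seconds later, the successful logon as `helpdesk`. In production the same rule belongs in the SIEM, keyed on real event fields, with the threshold tuned against the organisation's normal failure rate; the escalated alert is the one to route straight to an incident responder.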