According to researchers at F-secure, Brute force and remote desktop attacks are now the method of choice among cyber criminals for distributing ransomware. The shift was seen earlier in 2019, following a marked increase in ransomware attacks worldwide.
As an organizations critical data and networks are maliciously encrypted, an extraordinary amount of damage can occur in a very short time span as a direct result of these attacks. In fact, it’s for this reason why so many ransomware victims, as well as their insurers, may choose to submit and pay the ransom, despite some of the larger scale attacks reaching well into the hundreds of thousands of dollars.
In order to track and analyse these attacks, cybersecurity researchers at F-secure set up what is known as “honeypots.” Honeypots are decoy servers, facing the internet, designed in a way to look attractive to hackers in order to monitor suspicious activity.
Password Strength Findings
The Attack Landscape H1 2019 report details the results and brute force tops the list of infection vectors for ransomware at a staggering 31%. In other words, password strength is vital to your organization’s security.
A Brute-force attack, simply put, is a trial and error method employed by hackers with the use of automated tools that aim to discover the correct password. A common example of this is known as a dictionary attack, in which an attack tool runs through a large number of words, previously compromised passwords or passphrase in attempt to find the correct combination. These attacks are so successful due to the number of users that use default credentials, extremely common or short passwords. In other words, brute-force attacks are far too fruitful to pass up for hackers taking aim at organizations, where the use of weak passwords is all but uncommon.
Remote Desktop Attacks
In the remote desktop protocol (RDP) attacks, cyber criminals seek RDP services with the intent to exploit and access enterprise networks. To do this, a hacker will scan a range of IP addresses, looking for open ports used by RDP, and then utilize brute force methods to determine the credentials. Once successful, they may use RDP services to establish a foothold on a network where they attempt to escalate privileges, harvest user credentials and launch additional attacks. Once inside, hackers who have gained admin access can essentially do anything they want, including disabling antivirus software, installing ransomware, stealing company data and much more.
Additional Attack Vectors
Not far behind brute-force and RDP attacks, phishing remains an extremely common attack vector with almost 25% of ransomware attacks taking aim at the F-secure honeypots via masquerading emails.
Putting things into perspective, all it can take for an attack to take hold of an entire company network is for one user to either divulge too much information or download a malicious attachment. This becomes even more of a risk if an organizations network is using unpatched software or does not have an up to date anti-virus in place.
Password Strength: The Solution
With the F-secure report demonstrating that all forms of cyberattack are on the rise, it should be of great concern to organizations of all sizes and across all industries. Some simple tips your organization should engage in to remain secure include the following:
- Keep all systems and applications patched and up-to-date.
- Enforce a password policy.
- Enforce multi-factor authentication.
- Encourage and maintain employee cyber awareness from the front-line workers to the executive level.
- Recurring penetration testing
- Perform “pulse check” breach and attack simulations and password audits to ensure password strength is a top priority amongst all levels of staff.
At Packetlabs, it is our mission to stay ahead of current threats and vulnerabilities. This has been the tipping point that has helped distinguish our testing approach from our competitors. Too often, competitor firms will commoditize security testing through performing automated testing (VA scans) with little value to the client. Our methodology only begins with automated testing. Thereafter, our expertise and experience allow us to manually uncover high-risk vulnerabilities which are frequently missed by other testing methodologies.
Our mission is to maintain the fact that not one of our clients have been breached by a vulnerability we’ve missed; we take this very seriously. For more information on password strength, or anything else you’ve read here, please contact us for more information on what we can do for your organization!