An ESET whitepaper shows that ransomware is behind 71 billion attacks on RDP remote access in just 18 months. Despite new attack tactics, organizations can defend themselves effectively.
The IT security vendor ESET has published a new whitepaper on ransomware. "Ransomware: Enterprises Targeted by Malware and Manipulation" examines how dangerous the encryption Trojan has become due to the technical and psychological innovations of criminals. How can companies best protect themselves? What are the most common techniques used by hackers? The report provides answers to the most pressing questions that companies and their IT managers are currently dealing with. The focus is on three specific attack vectors: Remote Desktop Protocol (RDP), email attachments and the supply chain. The whitepaper is available for free download on the ESET Securityblog.
Remote Desktop Protocol (RDP) as a ransomware booster
Ransomware gangs have abused the COVID-19 pandemic to expand their extortion and distribution tools. They mainly focus on publicly accessible, misconfigured systems with Remote Desktop Protocol (RDP). According to ESET data, remote access is one of the most popular attack vectors today, with more than 71 billion detections worldwide between January 2020 and June 2021. In contrast to malicious email attachments, attacks via RDP have the appearance of legitimacy, so they stay under the radar of many detection methods. Companies evidently underestimate the danger or have a lower level of threat awareness.
Encryption Trojans instead of printouts: shared printers as a gateway
The ESET researchers also found that the Server Message Block (SMB) protocol is being abused as an attack vector. This protocol is mainly used for file and printer sharing on corporate networks, and it provides a means for ransomware to infiltrate a corporate network. As early as 2017, EternalBlue exploited a programming error in the SMB protocol for the notorious WannaCry attacks. Between January and April 2021 alone, ESET technologies blocked more than 335 million brute-force attacks on publicly available SMB services.
Pay or Not Pay: The Ransom Dilemma
The whitepaper also looks at the attacks on Kaseya and the Colonial Pipeline and the costs ransomware operators are causing businesses around the world. In light of this and a host of other ransomware cases, the authors discuss the payment dilemma. They argue that paying a ransom can restore some files, but it does not guarantee that cyber criminals will or can restore full access to the data. Worse still, transferring the required amount of cryptocurrency will help fund future crimes. This is, among other things, the reason for the current debate on making such payments illegal.
Use protection technologies
As ransomware attacks become more targeted, organizations should understand and be prepared for the latest methods used by cyber criminals. In addition to properly setting up RDP and complying with basic security rules such as regular updates, the whitepaper advises the use of advanced "Endpoint Detection & Response" technologies, such as the ESET Enterprise Inspector.
Ondrej Kubovič, Security Awareness Specialist and author of the whitepaper, explains: “Ransomware is currently one of the most powerful cyber threats facing modern organizations, affecting all industries and both the public and private sectors. It is of crucial importance that IT managers are equipped with insights into the latest developments in the ransomware scene and that their defenses can be based on a holistic security strategy. With our whitepaper, we give companies the tools they need to always be one step ahead of malicious actors. It provides actionable advice for administrators and their supervisors, and provides insights into security products that can help mitigate the threat of cyberattacks.”
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.