« How Far Will Email Operators Take Blocklisting to Prevent Spam? | Main | What is Two-Factor Authentication? »

Wednesday, 21 February 2018


Feed You can follow this conversation by subscribing to the comment feed for this post.

Thank you Dave for this nice summary! But I would like to add, that the infection vector number one at the moment (at least in Europe) is remote access (like RDP). This kind of ransomware often do not use C&C servers. Other ways for infections we see during our investigations are drive-by-downloads, malvertising and supply-chain-attacks.

Concerning RDP I would like to say a few words. The perpetrators scan the internet and try brute-force-attacks (with tools like NLBrute) for getting access to these servers. Companies are very often affected. So I would recommend not to use RDP, if not necessary (there are lots other possibilities for remote access like Teamviewar (with 2FA), etc. If RDP is necessary, RDP should not be configured on a standard Port, better would be using a VPN on the firewall and not exposing the ports outside the LAN at all. Very strong passwords should be applied and there should not be used commonly used login names like "admin", "root", etc. Also an IP whitelisting would help securing the system a lot...

Snowy greetings from Austria,

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)

Find me on Mastodon and Facebook
My Photo