
Wednesday, 21 February 2018

Comments


Thank you, Dave, for this nice summary! But I would like to add that the infection vector number one at the moment (at least in Europe) is remote access (like RDP). This kind of ransomware often does not use C&C servers. Other infection vectors we see during our investigations are drive-by downloads, malvertising and supply-chain attacks.

Concerning RDP I would like to say a few words. The perpetrators scan the internet and try brute-force attacks (with tools like NLBrute) to get access to these servers. Companies are very often affected. So I would recommend not using RDP if it is not necessary (there are lots of other possibilities for remote access, like TeamViewer (with 2FA), etc.). If RDP is necessary, it should not be configured on the standard port; better would be using a VPN on the firewall and not exposing the port outside the LAN at all. Very strong passwords should be applied, and commonly used login names like "admin", "root", etc. should not be used. IP whitelisting would also help secure the system a lot...

Snowy greetings from Austria,
Christina
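The RDP hardening Christina lists above (non-standard port, IP whitelisting, strong credentials and no default account names, behind a VPN where possible), as an added example in PowerShell. This is not code from the original post or from the commenter; it is written here for illustration. The port number (3390), the permitted management range (203.0.113.0/24, a documentation prefix) and the renamed administrator account name are assumptions, and the script must be run in an elevated session on the RDP host itself (Windows 8.1 / Server 2012 R2 or later for the NetSecurity cmdlets, Windows 10 / Server 2016 or later for Rename-LocalUser).

```powershell
# Added example (not from the original post): harden an exposed RDP listener.
# Assumed values, substitute your own:
$RdpPort      = 3390                 # assumed non-standard listener port
$AllowedNet   = '203.0.113.0/24'     # assumed management network (IP whitelist)
$NewAdminName = 'svc-mgmt-7h2q'      # assumed replacement for the built-in "Administrator"
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Require Network Level Authentication so credentials are validated before a
#    session is built, and force the TLS security layer instead of legacy RDP security.
Set-ItemProperty -Path $RdpKey -Name 'UserAuthentication' -Value 1 -Type DWord
Set-ItemProperty -Path $RdpKey -Name 'SecurityLayer'      -Value 2 -Type DWord

# 2. Move the listener off 3389. Internet-wide scanners still find it eventually,
#    so treat this as noise reduction, not as access control.
Set-ItemProperty -Path $RdpKey -Name 'PortNumber' -Value $RdpPort -Type DWord

# 3. Replace the default "Remote Desktop" rule group (any source, TCP 3389) with a
#    single inbound rule that only admits the management network on the new port.
#    Note: -DisplayGroup is the localized group name; adjust on non-English Windows.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
Get-NetFirewallRule -DisplayName 'RDP restricted' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP restricted' -Direction Inbound -Protocol TCP `
    -LocalPort $RdpPort -RemoteAddress $AllowedNet -Action Allow -Profile Any | Out-Null

# 4. Account lockout blunts password-guessing tools such as NLBrute:
#    5 failures lock the account for 30 minutes, counted over a 30-minute window.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null

# 5. Rename the built-in Administrator (RID 500) so brute-force lists that try
#    "Administrator"/"admin" fail on the user name, not only on the password.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtinAdmin -and $builtinAdmin.Name -ne $NewAdminName) {
    Rename-LocalUser -Name $builtinAdmin.Name -NewName $NewAdminName
}

# 6. Restart the Remote Desktop service so the new port and NLA setting take effect.
#    This drops any current RDP session, including your own: run from the console
#    or another out-of-band channel.
Restart-Service -Name TermService -Force

# Verify: listener settings and the source restriction on the only active RDP rule.
Get-ItemProperty -Path $RdpKey | Select-Object PortNumber, UserAuthentication, SecurityLayer
Get-NetFirewallRule -DisplayName 'RDP restricted' |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

Step 3 is the one that actually stops the mass scanners: with the whitelist rule in place, hosts outside the management range never reach the listener, regardless of the port. If the only legitimate path is a VPN, set $AllowedNet to the VPN client pool and leave no other inbound rule for the port, which is the "not exposing the port outside the LAN at all" option from the comment.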
