How to Secure the Most Common Cyberattack Initial Vectors

Cyberattackers gain access to their victims’ networks by exploiting initial vectors – entry points that enable them to drop malicious software (malware).

Securing the most common initial vectors is an important part of protecting your organization’s network. Here are the most common cyberattack initial vectors and the cybersecurity best practices for securing each:

RDP

RDP, short for Remote Desktop Protocol, is one of the most popular application-level protocols for accessing Windows workstations or Windows servers.

With the spread of the coronavirus disease 2019 (COVID-19) and the resulting government-mandated stay-at-home measures, remote working has become the new normal. This new normal, however, directly impacts cybersecurity. The ransomware called “Phobos”, for instance, typically leverages compromised RDP connections as an initial vector.

Kaspersky Lab reported that since the beginning of March of this year, the number of RDP brute force attacks has skyrocketed across almost the entire planet. In a brute force attack, an attacker uses the trial-and-error method of guessing the correct username and password combination.

Attackers are able to launch RDP brute force attacks because this protocol is often left exposed to the internet with a username and password combination as the only means of protection. A successful RDP brute force attack gives an attacker access to an entire network, which can then be used for malicious activities such as stealing data or spreading malware.

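The brute force pattern described above leaves a trail in the Windows Security log (EventID 4625 for failed logons, 4624 for successes). The following is an added example, not code from the original post: it runs a sliding-window threshold over constructed sample events (times, usernames and the documentation-range IP addresses are assumptions) and then looks for a success from an alerted source, the sign that a guess worked. It assumes failed RDP attempts appear as LogonType 10, or as LogonType 3 when NLA is enabled.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types seen for RDP: 10 = RemoteInteractive (no NLA). With NLA the
# pre-session CredSSP failure is recorded as type 3 (Network); both count.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample (time, EventID, LogonType, user, source IP) using the
# documentation address ranges: a guessing burst from 203.0.113.7 followed
# by a success, and one innocent typo from 198.51.100.9.
SAMPLE_EVENTS = [
    ("2020-05-01T02:00:00", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-05-01T02:00:08", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-05-01T02:00:15", 4625, 10, "admin", "203.0.113.7"),
    ("2020-05-01T02:00:21", 4625, 10, "backup", "203.0.113.7"),
    ("2020-05-01T02:00:30", 4625, 10, "jsmith", "203.0.113.7"),
    ("2020-05-01T02:00:44", 4625, 10, "jsmith", "203.0.113.7"),
    ("2020-05-01T02:01:02", 4624, 10, "jsmith", "203.0.113.7"),
    ("2020-05-01T02:10:00", 4625, 10, "mlee", "198.51.100.9"),
    ("2020-05-01T02:10:30", 4624, 10, "mlee", "198.51.100.9"),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Map each source IP that produced >= threshold failed RDP logons inside
    one sliding window to (burst start, failures in window, usernames tried)."""
    recent = defaultdict(deque)  # src -> (time, user) pairs still inside window
    alerts = {}
    for time_s, event_id, logon_type, user, src in sorted(events):
        if event_id != 4625 or logon_type not in RDP_LOGON_TYPES:
            continue
        t = _ts(time_s)
        q = recent[src]
        q.append((t, user))
        while t - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = (q[0][0], len(q), sorted({u for _, u in q}))
    return alerts

def successes_after_burst(events, alerts):
    """Successful RDP logons (4624) from an alerted source once its burst has
    begun: the strongest single indicator that a guessed password worked."""
    return [(src, user, time_s)
            for time_s, event_id, logon_type, user, src in sorted(events)
            if event_id == 4624 and logon_type in RDP_LOGON_TYPES
            and src in alerts and _ts(time_s) >= alerts[src][0]]
```
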
McAfee Labs reported that the number of internet-exposed RDP jumped from nearly three million in January 2020 to more than four and a half million in March 2020. According to McAfee Labs, weak passwords remain one of the common points of entry in accessing internet-exposed RDP. “What is most shocking is the large number of vulnerable RDP systems that did not even have a password,” McAfee Labs said.

Cybersecurity Best Practices in Securing RDP

Use strong usernames and passwords, enable multi-factor authentication, close port 3389 (the default RDP port), use Network Level Authentication (NLA), and make RDP available only via a corporate VPN.

VPN

VPN, short for virtual private network, when configured correctly and patched promptly, offers a secure way to give remote workers access to your organization’s network. As mentioned above, one of the best practices for securing RDP is making the protocol available only via a corporate VPN.

Like RDP, VPN adoption has seen a big leap since the start of the COVID-19 pandemic. Making RDP available only through a corporate VPN prevents brute force attacks as guessing the correct username and password combination isn’t enough.

Like any other software, however, VPN products from different vendors aren’t perfect. Last year, security researchers discovered security vulnerabilities in VPN products, such as those from Fortinet, Palo Alto and Pulse Secure. Even though VPN vendors have released security updates fixing the discovered vulnerabilities, many VPN users still fail to apply them, leaving their corporate VPNs open to exploitation.

As early as August 2019, the Canadian Centre for Cyber Security warned about the active exploitation of VPN vulnerabilities. “Due to the fact that VPN devices are typically Internet-facing, it is of the utmost importance that they be kept up to date with the latest patches,” the Canadian Centre for Cyber Security said.

Cybersecurity Best Practice in Securing VPN

Apply the latest security updates.

Email

The first email was sent nearly 50 years ago. To date, email is the primary form of digital communication relied upon by billions of users worldwide.

While other forms of digital communication are available, people prefer email in the same way that people relied on snail mail in the past. Over the years, cybercriminals have learned that email is a powerful initial vector for gaining access to victims’ networks.

Twenty years ago, an email was sent with the subject “ILOVEYOU”. The email’s body contained these few words: “kindly check the attached LOVELETTER coming from me”. The email came with an attachment named “LOVE-LETTER-FOR-YOU.TXT”.

Clicking on the attached document resulted in the following: unauthorized copying and transfer of all cached Windows passwords; overwriting of the recipients’ computer files, denying victims access to their files; and mass emailing of the message to everyone in the recipients’ Outlook address book, overloading many mail systems around the world.

The BBC reported that Geoff White recently tracked down the creator of the email, working in a mobile phone repair shop inside a shopping mall in Manila. Onel de Guzman, now 44, admitted to White that he alone created the email containing the “ILOVEYOU” virus, sometimes referred to as the “Love Bug” or “Love Letter” virus. The email caused mayhem on May 4, 2000, and in the span of just 24 hours the ILOVEYOU virus infected an estimated 45 million computers worldwide, causing an estimated US$10 billion in damages.

Many of today’s malware programs, such as ransomware, gain access to their victims’ networks by weaponizing email via spearphishing campaigns: a type of cyberattack that targets specific victims, crafting malicious emails to suit the target’s profile and tricking the recipient into clicking a link in the email body or downloading an attachment. Clicking the link or downloading the attachment drops malware on the recipient’s computer.

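The attachment and link lures described above can be triaged automatically before a message reaches a user. The following is an added example, not code from the original post: it parses a constructed message in the style of the ILOVEYOU lure (the sender, hosts and the .TXT.vbs filename are assumptions) and flags executable or double-extension attachments, plus links whose visible text names a different host than the href points to.

```python
from email import message_from_string, policy
import re
from urllib.parse import urlparse
# Extensions Windows runs directly; .TXT.vbs hides one behind a harmless name.
EXECUTABLE_EXTS = {"exe", "vbs", "js", "jse", "wsf", "scr", "bat", "cmd", "ps1", "hta", "lnk"}

# Constructed sample (not a real capture) in the style of the "ILOVEYOU" lure;
# the attachment body is just the word "placeholder", not a script.
SAMPLE_RAW = """\
From: "Payroll" <payroll@example.com>
Subject: ILOVEYOU
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>kindly check the attached LOVELETTER coming from me</p>
<p><a href="http://203.0.113.50/login">https://portal.example.com/login</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

placeholder
--b1--
"""

def risky_attachments(msg):
    """Filenames whose last extension is executable or that carry more than one
    extension (the .TXT.vbs trick; archives such as .tar.gz are flagged too)."""
    found = []
    for part in msg.walk():
        exts = (part.get_filename() or "").lower().split(".")[1:]
        if exts and (exts[-1] in EXECUTABLE_EXTS or len(exts) > 1):
            found.append(part.get_filename())
    return found

def mismatched_links(msg):
    """Anchors whose visible text names one host while the href goes to another."""
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', html, re.I):
        shown = urlparse(text.strip()).hostname
        if shown and shown != urlparse(href).hostname:
            out.append((text.strip(), href))
    return out

def triage(raw):
    msg = message_from_string(raw, policy=policy.default)
    return {"attachments": risky_attachments(msg), "links": mismatched_links(msg)}
```
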
A recent report from Cisco Talos showed that email remained the top infection vector. Cisco Talos also observed increased compromises of remote desktop services (RDS) as well as compromises of Pulse VPN.

Cybersecurity Best Practices in Securing Emails

Avoid clicking on links in unsolicited emails and be cautious of email attachments.

Your business and IT have many moving components that should help your business operate and grow. Our staff helps you discover all vulnerable points and protect them using the right processes, tools and technologies, including VPN and RDP.

Call us today (416) 920-3000 to schedule a free evaluation of your environment, or email us at sales@genx.ca
