Get Permission
Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify various distributed denial-of-service attacks, according to a report from application and network performance firm Netscout.
Netscout researchers have identified about 33,000 vulnerable Microsoft RDP servers that could be abused by threat actors to boost their DDoS attacks. RDP is a proprietary Microsoft communications protocol that system administrators and employees use to remotely connect to corporate systems and services.
Microsoft RDP can be configured by Windows systems administrators to run on TCP port 3389 or UDP port 3389, according to the report.
The researchers found that when the Microsoft RDP service is configured to UDP port 3389, attacks could amplify network packets from vulnerable ports and redirect that traffic to targeted IP addresses, increasing the size of a DDoS attack at little cost, according to the report.
GovInfoSecurity
Compliance
gsuparna) • January 11, 2021
Adam Turteltaub, chief engagement and strategy officer at the Society of Corporate Compliance and Ethics Adam Turteltaub, chief engagement and strategy officer at the Society of Corporate Compliance and Ethics, says compliance teams should create a dashboard of data that will help keep track of actions taken by staff members who are working remotely. “Data analytics and dashboards help compliance teams to look at data and understand if the current compliance program is actually working for them,” he says. If your data is in different places, it is very hard to convince regulators that you truly have a thorough compliance program.”
Diagram shows how ransomware operators incorporate the SystemBC malware into an attack. (Source: Sophos)
Several recent ransomware attacks, including those involving Ryuk and Egregor, have used a commodity malware variant called SystemBC as a backdoor, security firm Sophos reports.
First uncovered by security firm Proofpoint in August 2019, SystemBC works as a network proxy for concealed communications and as a remote access Trojan, or RAT, that allows threat actors to deploy additional commands and scripts to infected Windows devices and to gather data.
While researchers have tracked SystemBC over the years, the Sophos report finds that its creators have added new features, which ransomware operators and their affiliates are taking advantage of to deploy their crypto-locking malware.
Andrew Levine (left), partner, Debevoise & Plimpton LLP; Vincent Walden, managing director, Alvarez and Marsal
To improve compliance efforts, organizations can turn to a number of technologies, including data analytics. Vincent Walden, managing director at Alvarez and Marsal, and Andrew Levine, partner, Debevoise & Plimpton LLP, share their views on making the most of automation and integration tools. “The pandemic saw increased use of data analytics for data monitoring by compliance teams, Walden says. As compliance and audit teams could not pay site visits, data analytics went a long way in risk assessment.”
Levine adds: “There is an increased reliance on data as a critical tool for mitigating risks. We need to understand how to use that data on a regular basis to understand changing risk profiles.
LinkedIn
From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations risk management capabilities. But no one is showing them how - until now.
Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron Ross, computer scientist for the National Institute of Standards and Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37 - the bible of risk assessment and management - will share his unique insights on how to:
Understand the current cyber threats to all public and private sector organizations;