Systems under attack from RDP botnets
We have discovered a significant number of Remote Desktop Protocol (RDP) servers exposed to the internet. Exposing them in this way leaves them open to relatively simple password-guessing attacks, or to compromise through vulnerabilities such as BlueKeep (CVE-2019-0708).
This year we have seen various distributed, internet-based attacks seeking to exploit these gaps in security.
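Password-guessing against an exposed RDP server shows up in the Windows Security log as a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source address, often cycling through usernames. The following detection logic is an added example and not code from the original report; it runs over a handful of constructed event records (not real log data) whose field names follow the Security log (EventID, LogonType, IpAddress, TargetUserName, TimeCreated). The threshold and window values are assumptions to tune per environment.

```python
"""Flag RDP password-guessing bursts and any success that follows them.

Added example, not part of the original report. Assumes Security log
events have already been exported as dicts with the fields below.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log data).
# 4625 = failed logon, 4624 = successful logon,
# LogonType 10 = RemoteInteractive (RDP), LogonType 2 = local console.
SAMPLE_EVENTS = [
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "administrator", "TimeCreated": "2019-11-04T02:15:01"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "admin", "TimeCreated": "2019-11-04T02:15:04"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "backup", "TimeCreated": "2019-11-04T02:15:09"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "svc_sql", "TimeCreated": "2019-11-04T02:15:13"},
    {"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "jsmith", "TimeCreated": "2019-11-04T02:15:20"},
    # A guessed password worked: success from the same source after the burst.
    {"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.7",
     "TargetUserName": "jsmith", "TimeCreated": "2019-11-04T02:16:02"},
    # A single failure from another source: noise, not a burst.
    {"EventID": 4625, "LogonType": 10, "IpAddress": "198.51.100.9",
     "TargetUserName": "jsmith", "TimeCreated": "2019-11-04T02:30:00"},
    # Console failure: not RDP, so ignored.
    {"EventID": 4625, "LogonType": 2, "IpAddress": "-",
     "TargetUserName": "jsmith", "TimeCreated": "2019-11-04T02:31:00"},
]


def _t(event):
    """Parse the ISO-8601 TimeCreated field."""
    return datetime.fromisoformat(event["TimeCreated"])


def rdp_failures_by_source(events):
    """Group failed RDP logons (4625, LogonType 10) by source address."""
    by_ip = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625 and e["LogonType"] == 10:
            by_ip[e["IpAddress"]].append(e)
    return by_ip


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: summary} for every source with at least `threshold`
    failed RDP logons inside any sliding `window` (assumed defaults)."""
    hits = {}
    for ip, evs in rdp_failures_by_source(events).items():
        evs.sort(key=_t)
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it fits.
            while _t(evs[end]) - _t(evs[start]) > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = evs[start:end + 1]
                hits[ip] = {
                    "failures": len(burst),
                    "usernames": sorted({e["TargetUserName"] for e in burst}),
                    "first": burst[0]["TimeCreated"],
                    "last": burst[-1]["TimeCreated"],
                }
                break
    return hits


def successes_after_bruteforce(events, hits):
    """Return (ip, user, time) for RDP successes (4624, LogonType 10) from a
    flagged source at or after its burst: the sign that a guess worked."""
    found = []
    for e in events:
        if e["EventID"] == 4624 and e["LogonType"] == 10 and e["IpAddress"] in hits:
            if _t(e) >= datetime.fromisoformat(hits[e["IpAddress"]]["last"]):
                found.append((e["IpAddress"], e["TargetUserName"], e["TimeCreated"]))
    return found


if __name__ == "__main__":
    hits = detect_rdp_bruteforce(SAMPLE_EVENTS)
    for ip, summary in hits.items():
        print(f"RDP brute force from {ip}: {summary}")
    for ip, user, when in successes_after_bruteforce(SAMPLE_EVENTS, hits):
        print(f"SUCCESS after brute force: {user} from {ip} at {when}")
```

On the sample data only 203.0.113.7 is flagged (five failures across five usernames inside twenty seconds), and the later 4624 from that address for jsmith is reported as a success following the burst. The single failure from 198.51.100.9 stays below the threshold, and the console failure is excluded by logon type. The success-after-burst check is the one worth paging on; a burst alone is background noise on any internet-exposed RDP host.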
Fileless malware infection stealing domain administrator credentials
Domain Admin credentials are the linchpin of Active Directory functionality and security. When they are compromised, extensive remediation is required. This year we detected one such event and provided remediation advice afterwards. We have also seen a trend of administrative workstations being used to browse the open internet, which increases the risk of compromise even further.
The prolific use of online document conversion sites
Having the right document in the right format at the right file size is often an unwelcome burden for users. We have seen a significant uptick in users uploading potentially sensitive company data to untrusted online file conversion sites.
Copying sensitive company information to use in research presentations
Subject matter experts are always keen to further their professional development through submissions to journals and conferences. In these findings we discovered users taking screenshots of company data for this purpose.
Transferring of sensitive company data via untrusted cloud sharing websites and services
In high-stress, fast-paced organizations, "getting the job done" sometimes replaces security as the primary driver. We have seen a significant increase in users transferring potentially commercially sensitive material via untrusted and unsanctioned means, including personal email, instant messaging services such as WhatsApp, and untrusted third-party websites. We have also seen programmers connecting back to their home computers to check code rather than using sanctioned company resources.
Bonus trend: Users treating corporate IT assets as if they were home computers
An IT department's goal is to provide services that are easy enough to use and do not interfere with the everyday operation of the business. In many cases, we have seen that they have succeeded. With this success comes an interesting trend: the easier an IT environment is to use, the easier it is for the user to "forget themselves" and stray into dangerous or unnecessary digital behavior.
While these actions may not, in and of themselves, be malicious or directly compromising, in aggregate they increase an organization's risk exposure. This year we have been working with customers to identify these trends and to educate users in the safer and more appropriate use of company resources. After all, it is much better to prevent a data breach than to remediate after one has occurred.