In the ever-evolving landscape of cyber threats, a significant shift has been observed in the tactics employed by ransomware threat operators, including their abuse of Remote Desktop Protocol (RDP). According to data from a cybersecurity company, dwell time (the period threat operators remain undetected inside a compromised network) has plummeted to just five days in the first half of this year, down from nine days in 2022. This acceleration in attack speed is a cause for concern, emphasizing the need for swift and robust countermeasures. Notably, abuse of RDP remains a persistent issue and continues to be one of the weaknesses threat actors exploit.
The report reveals a noteworthy decline in threat operators’ dwell time, which now stands at a mere five days during the first half of this year. Compared to the ten-day median dwell time recorded in 2022, this sharp reduction highlights the increasing efficiency of ransomware threat actors. The rapid pace of attacks underscores the urgency of fortifying cybersecurity measures to promptly detect and respond to threats.
Ransomware attacks continue to dominate the cyber threat landscape, constituting an overwhelming 68.75% of all cyberattacks tracked by Sophos this year. This statistic underscores the prominence of ransomware as a favored tool among cybercriminals. However, while ransomware actors are swift in their actions, other cybercriminals tend to adopt a more patient approach, extending their dwell time for potential opportunities to arise.
A peculiar trend emerges when considering the dwell times for non-ransomware incidents. While ransomware threat actors are increasingly agile, non-ransomware attackers exhibit an extended dwell time, which has grown from 11 to 13 days in the current year. This dichotomy suggests that while ransomware threat operators exploit quick wins, other cybercriminals adopt a more persistent strategy, potentially waiting for exploitable moments.
The findings reveal that data exfiltration has occurred in 43.42% of cases, marking a 1.3% increase from the previous year. The data points toward an emerging pattern of heightened data theft incidents. Paradoxically, the number of data theft attacks has decreased, dropping to 31.58% in the first half of 2023 from 42.76% in 2022. This trend is supported by a rise in incidents where confirmation of non-exfiltration was obtained (up from 1.32% to 9.21%).
Further insights are gained when analyzing the temporal aspects of attacks. The data reveals that threat actors, including ransomware operators, prefer striking organizations on Tuesdays, Wednesdays, and Thursdays. Starting late in the local workday, when organizations are understaffed, lets the intrusion develop undetected. Notably, ransomware incidents peak on Fridays and Saturdays, taking advantage of reduced responsiveness over the weekend.

The report also underscores the persistence of Remote Desktop Protocol (RDP) as a favored tool among attackers. A staggering 95% of intrusions involved the exploitation of Remote Desktop Protocol vulnerabilities. However, it’s vital to note that while RDP was predominantly used for internal activity (93% of cases), only 18% of attacks used it for external access. This pattern underscores the critical importance of securing RDP to mitigate potential risks.
Considering these trends, the cybersecurity company recommends prioritizing the security of Remote Desktop Protocol. By denying unauthorized access via RDP, organizations can effectively thwart threat operators and force them to expend significantly more effort and time breaking into networks. That delay materially improves the chances of detecting and responding to an intrusion. Furthermore, a vigilant approach to data storage and regular checks can help identify threat actors early in an intrusion, enabling a proactive response.
The cyber threat landscape continues to evolve, with ransomware actors showcasing heightened attack agility. The decreasing dwell time accentuates the urgency of implementing robust cybersecurity measures. As the abuse of Remote Desktop Protocol remains a persistent concern, organizations must prioritize its security to minimize vulnerabilities. By understanding emerging attack patterns and adopting vigilant practices, organizations can enhance their defense mechanisms and proactively safeguard against the ever-adapting threat landscape.
At SpearTip, our firewall review allows our certified engineers to analyze the configurations and interactions of companies’ network infrastructure with the expertise of a skilled penetration tester. Our team helps discover vulnerabilities in firewall systems and enables companies to dedicate their resources to evaluate and prioritize fixes. We provide remediation steps for all uncovered weaknesses to ensure a strengthened security posture, including for people, processes, and technology within the security environment. Our team’s extensive experience gained through responding to tens of thousands of security incidents and our consulting team’s expertise in researching the most modern security practices will improve their operational, procedural, and technical control gaps based on security standards.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
In order to enhance protection against Remote Desktop Protocol attacks, individuals and organizations can implement several measures. These include ensuring strong and unique passwords for RDP accounts, enabling multi-factor authentication, regularly updating and patching RDP software, restricting RDP access to trusted IP addresses or implementing a virtual private network (VPN) for secure connections, and monitoring RDP logs for suspicious activity.
Attackers commonly exploit Remote Desktop Protocol vulnerabilities through various methods. Some prevalent techniques include brute-force attacks, where they attempt to guess weak passwords or use password-cracking tools, exploiting unpatched vulnerabilities in RDP software, and leveraging social engineering techniques to trick individuals into revealing their RDP credentials.
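The two preceding paragraphs recommend monitoring RDP logs and describe brute-force password guessing as a common technique. As an added illustration (not part of the original article or any SpearTip tooling), the following Python script shows the kind of detection logic a defender can run over Windows Security events: it counts failed RDP logons (Event ID 4625, LogonType 10) per source address in a sliding window and raises a higher-priority alert when a source that was already guessing then logs on successfully (Event ID 4624). The event records are constructed samples, and the threshold and window are assumed values to be tuned per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security log fields (not real data):
# EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": f"2023-06-13T02:00:0{i}", "id": 4625, "logon_type": 10,
     "src_ip": "203.0.113.7", "user": "administrator"} for i in range(1, 7)
] + [
    {"time": "2023-06-13T02:00:10", "id": 4624, "logon_type": 10,
     "src_ip": "203.0.113.7", "user": "administrator"},   # success after guessing
    {"time": "2023-06-13T02:01:00", "id": 4625, "logon_type": 2,
     "src_ip": "10.0.0.5", "user": "jsmith"},             # console logon, not RDP
    {"time": "2023-06-13T02:30:00", "id": 4625, "logon_type": 10,
     "src_ip": "198.51.100.4", "user": "jsmith"},         # single typo, below threshold
]

FAIL_THRESHOLD = 5             # assumed: RDP failures from one source ...
WINDOW = timedelta(minutes=5)  # assumed: ... within this sliding window


def detect_rdp_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (kind, src_ip, time) alerts in time order.

    'brute_force' fires once per source when it reaches `threshold` RDP logon
    failures inside `window`; 'success_after_failures' fires when a flagged
    source then completes an RDP logon, the case a responder should be paged on.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps of its recent RDP failures
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue             # only RemoteInteractive (RDP) logons matter here
        t = datetime.fromisoformat(ev["time"])
        ip = ev["src_ip"]
        if ev["id"] == 4625:
            q = recent[ip]
            q.append(t)
            while t - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, ev["time"]))
        elif ev["id"] == 4624 and ip in flagged:
            alerts.append(("success_after_failures", ip, ev["time"]))
    return alerts
```

Running `detect_rdp_brute_force(SAMPLE_EVENTS)` on the constructed data yields one brute-force alert for 203.0.113.7 at its fifth failure and one success-after-failures alert ten seconds later; the console failure and the single RDP failure from 198.51.100.4 produce nothing.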
Successful Remote Desktop Protocol attacks can have long-term consequences beyond immediate data theft or operational disruption. These may include reputational damage for organizations, potential legal and regulatory consequences, financial losses resulting from compromised systems or stolen data, and the possibility of further targeted attacks or exploitation of the compromised network by the initial attackers or other threat actors.
©2024 SpearTip, LLC. All rights reserved.