Techies Diary

Working from home risks!
August 12, 2020, 06:31:02 PM by JnL staff
In recent months, organisations across every sector have come to rely heavily on Remote Desktop Protocol (RDP) to maintain business continuity while respecting social distancing.
However, the rapid shift to remote working has also provided a unique opportunity for ransomware groups. Threat actors predicted that many organizations would not have the time or resources to securely implement RDP during the mass transition to working from home and, as a result, may be vulnerable to compromise.
They were right. The number of Internet-exposed RDP ports grew from approximately 3 million in January 2020 to more than 4.5 million in March, according to a McAfee report.
In this blog post, we will discuss why threat actors use RDP to deploy malware, how our solutions protect users against RDP brute-force attacks and best practices for mitigating RDP-based threats.

What is RDP?
RDP is a network communications protocol developed by Microsoft. Available for most Windows operating systems, it provides a graphical interface that enables users to connect remotely to a server or another computer. RDP transmits the display of the remote server to the client and the input of peripherals (such as keyboard and mouse) from the client to the remote server, effectively allowing users to control a remote computer as though they were operating it in person.
RDP is typically used in a business environment to allow end users to remotely access files and applications stored on the organization’s local network. Administrators also commonly use RDP to remotely diagnose and resolve technical problems with end users’ devices.

How attackers use RDP to deploy malware
RDP is generally regarded as a safe and secure tool when used within a private network. However, serious problems may arise when RDP ports are left open to the Internet, because anyone can then attempt to connect to the remote server. If the connection is successful, the attacker gains access to the server and can do anything within the hacked account’s privilege limits.

This is not a new threat, but the global shift to remote working has underscored the fact that many organisations do not adequately secure RDP – and threat actors are taking advantage. At the start of March 2020, there were about 200,000 daily brute-force RDP attacks in the U.S., according to a Kaspersky report. By mid-April, this number had ballooned to almost 1.3 million. Today, RDP is regarded as the single biggest attack vector for ransomware.
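
As an added example (not part of the original post or of any vendor's product), here is one way a defender can spot the brute-force pattern described above in Windows Security logon events. The log lines, addresses, threshold and one-minute window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): time, event ID, logon type, source IP.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with Network Level Authentication, failed RDP
# logons commonly appear as type 3 (Network), which also covers SMB etc.
SAMPLE = """\
2020-03-02T09:00:01 4625 3 203.0.113.7
2020-03-02T09:00:04 4625 3 203.0.113.7
2020-03-02T09:00:09 4625 3 203.0.113.7
2020-03-02T09:00:15 4625 3 203.0.113.7
2020-03-02T09:00:21 4625 3 203.0.113.7
2020-03-02T09:00:30 4624 10 203.0.113.7
2020-03-02T09:05:00 4625 10 198.51.100.20
2020-03-02T09:05:05 4625 10 198.51.100.20
2020-03-02T09:05:11 4625 10 198.51.100.20
2020-03-02T09:05:18 4625 10 198.51.100.20
2020-03-02T09:05:24 4625 10 198.51.100.20
2020-03-02T09:20:00 4625 10 192.0.2.15
2020-03-02T09:20:40 4624 10 192.0.2.15
"""
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip blank or malformed lines
            ts, event_id, logon_type, src = parts
            yield datetime.fromisoformat(ts), event_id, logon_type, src

def find_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Map source IP -> 'attempted' or 'succeeded' for failure bursts."""
    recent, flagged = defaultdict(deque), {}
    for ts, event_id, logon_type, src in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(src, "attempted")
        elif event_id == "4624" and src in flagged:
            flagged[src] = "succeeded"  # logon after a burst: treat as incident
    return flagged

print(find_bruteforce(SAMPLE))
```

A source marked `succeeded` logged on after a burst of failures and warrants immediate investigation; a single mistyped password followed by a logon, as for 192.0.2.15 in the sample, is not flagged.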

Malwares and secure working
August 20, 2015, 06:57:46 PM by JnL staff
Some three weeks ago we had a laptop come in that was not displaying graphics on the internet and would run extremely badly and was very slow at times. The customer stated that they could not get into their pictures and were getting the message “Your files are corrupted and need decrypting”; this then offered a site to have this service performed at a cost. Needless to say the files were encrypted.

As a matter of knowledge we went about decrypting the files and recovered the pictures. Upon inspection it was obvious that these were not holiday and family pictures as expected. The files were of a very serious illegal pornographic type.

The customer was as we expected very upset over this and did in fact have them on a USB stick, those pictures were intact.

Removal of the rootkit found on the laptop was performed and the laptop made clean. Although the customer had a well-known anti-virus system installed, it failed miserably to prevent this. The customer was advised to contact the Police authorities and our report was given. They also brought in all devices that had connected to this laptop, and a Windows-based “mobile phone” was found infected also. No backup on this device, so the customer was advised that only a factory reset would clean this device and all data (music, pictures and contacts) would be lost. They reluctantly agreed to this and this was performed.

They were also advised that even if you visit malware sites (as prompted by the browser Firefox), you must take heed of warnings and that security is not a program to protect you but a way of using and working with your devices.

After all, why have a “burglar alarm” installed if you leave your street door open so anyone can walk in?

Going to cracked software and porn sites can give you more than you expect to get.

If you lie with dogs you may catch fleas.

Windows 10 forced updates.
August 12, 2015, 03:39:06 PM by JnL staff
It has been almost two weeks since Windows 10 was released to the public and we have had many discussions regarding Windows 10.

The latest from Microsoft is you cannot choose how you want the windows update to function.

One time you could choose automatic, download and install on the fly, download and install the components you wanted or not at all. M$ deemed to make it mandatory with no choice (every new Windows number has less choice for the user). The latest Windows 10 update was less than desirable and caused errors, so Windows rolls back and then forces the troubled update. We have had a flurry of laptops come in to our workshop to fix this.

More convinced than ever now that Linux is the way for users to control how and when they use their machines. After all, how would you react if you bought a car and were unable to use your car/truck/motorcycle as it needs to be washed, waxed and dried by the supplier, but the wax had dirt in it so it has to be rinsed off, washed and waxed with the contaminant once again? All the time you cannot use your vehicle until it's washed and waxed successfully. Would you accept this? NO I don't think so!