According to reports from several cybersecurity companies, the top attack vectors used by ransomware groups in the first half of 2020 were RDP exploits, VPN vulnerabilities, and phishing attacks.

Though these have long been common vectors for several ransomware groups, many have turned to them as working from home has increased during this pandemic.

Top Exploit for Ransomware Groups in H1 2020

Ransomware groups have become active since the start of this pandemic. This is because nationwide lockdowns have confined everyone to their homes, and the sudden shift left too little time to prepare work-from-home employees to safeguard themselves. As a result, there are computers with open RDP ports, improperly configured firewalls, and so on.


By analyzing the attacks that took place, Emsisoft, Coveware, and Recorded Future have published reports on the most popular attack vectors of ransomware groups for the first half of this year. RDP exploits rank first, followed by phishing email campaigns in second place and VPN vulnerabilities next.

Ransomware groups shifted last year from attacking individuals to attacking organizations, since organizations yield hefty sums rather than petty payments.

Remote Desktop Protocol (RDP) is available in every Windows system and lets companies connect to their employees' machines for remote guidance. Though useful, it's often left open by users for no reason, which lets attackers exploit it.

Attackers scan for open RDP ports and brute-force them with a set of easy credentials to gain access. Earlier, several hackers exploited this weakness to gain access and collected such RDP endpoints to list in their RDP shops on the dark web. Now, most of them have closed the shops to partner exclusively with certain ransomware groups.

Next in line were spear-phishing attacks, where targets were sent phishing emails to capture their credentials and then impersonate them or steal data. Lastly, vulnerabilities in VPN products such as Pulse Secure, Palo Alto Networks, F5, and Citrix were heavily exploited in H1 2020.
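On the defender's side, the scan-and-guess pattern described above shows up in the Windows Security log as a burst of failed logons (event 4625) from one source, sometimes followed by a success (event 4624). The Python below is an added example, not taken from the cited reports; the event tuples, sample IPs, threshold, and time window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive; with NLA, failures often log as 3

def _ev(sec, event_id, logon_type, ip, account):
    """Build one constructed event: (time, event_id, logon_type, source_ip, account)."""
    return (datetime(2020, 7, 1, 3, 0) + timedelta(seconds=sec), event_id, logon_type, ip, account)

# Constructed sample data (documentation IP ranges), not real logs.
GUESSES = ["administrator", "admin", "user", "test", "backup", "scanner"]
SAMPLE_EVENTS = (
    [_ev(i * 5, FAILED, 3, "203.0.113.7", name) for i, name in enumerate(GUESSES)]
    + [_ev(40, SUCCESS, 10, "203.0.113.7", "backup")]          # a guess finally worked
    + [_ev(10, FAILED, 10, "198.51.100.20", "alice"),          # ordinary user typos
       _ev(900, FAILED, 10, "198.51.100.20", "alice"),
       _ev(960, SUCCESS, 10, "198.51.100.20", "alice")]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed RDP-type logons inside one window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == FAILED:
            failures[ip].append((ts, account))
        elif event_id == SUCCESS:
            successes[ip].append((ts, account))

    findings = {}
    for ip, fails in failures.items():
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                findings[ip] = {
                    "failed": len(fails),
                    "accounts_tried": sorted({a for _, a in fails}),
                    # A success after the burst means a guess likely worked.
                    "logged_in_after": sorted({a for t, a in successes[ip] if t >= ts}),
                }
                break
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A source that appears under `logged_in_after` warrants immediate credential reset and session review, since the failures alone only show an attempt.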
