Hackers Target RDP Servers To Gain Initial Access To Corporate Networks

Share post:

Researchers have noticed an increase in vulnerabilities used in infiltrating organizations. According to cybersecurity firm Group-IB, the threat actors target remote desktop (RDP) servers that are exposed on the web for initial access into a network.

Group-IB explained that in 2021, ransomware gangs began to focus on several vulnerabilities in public-facing applications, and quickly moved to add exploits for newly uncovered security issues.

Vulnerabilities commonly used by ransomware attackers include CVE-2021-20016 (SonicWall SMA100 SSL VPN), CVE-2021-26084 (Atlassian Confluence), CVE-2021-26855 (Microsoft Exchange), CVE-2021-27101 (Accellion FTA), CVE-2021-27102 (Accellion FTA), CVE-2021-27103 (Accellion FTA), and CVE-2021-27104 (Accellion FTA).

Others include CVE-2021-30116 (Kaseya VSA), CVE-2021-34473 (Microsoft Exchange), CVE-2021-34523 (Microsoft Exchange), CVE-2021-31207 (Microsoft Exchange), and CVE-2021-35211 (SolarWinds).

A joint report by Cyber Security Works, Securin, Cyware and Ivanti showed that the number of bugs related to ransomware attacks rose to 310 in the first quarter of 2022.

Group-IB cites the leaks of the threat actors and claims that ransomware gangs have released information from 3,500 victims, most of whom are based in the U.S. (1,655).

Ransomware gangs with the most aggressive operations in 2021 were LockBit (670) and Conti (640), while Pysa came third with data from 186 victims published on their leak sites.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Apple reduces forecasts for Vision Pro as demand cools in key US market

In an unexpected shift, Apple has drastically reduced its shipment forecasts for the upcoming Vision Pro, indicating a...

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

AI surpasses human benchmarks in most areas: Stanford report

Stanford University’s Institute for Human-Centered Artificial Intelligence (HAI) has published the seventh annual issue of its AI Index...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways