Hackers Target RDP Servers To Gain Initial Access To Corporate Networks

Share post:

Researchers have noticed an increase in vulnerabilities used in infiltrating organizations. According to cybersecurity firm Group-IB, the threat actors target remote desktop (RDP) servers that are exposed on the web for initial access into a network.

Group-IB explained that in 2021, ransomware gangs began to focus on several vulnerabilities in public-facing applications, and quickly moved to add exploits for newly uncovered security issues.

Vulnerabilities commonly used by ransomware attackers include CVE-2021-20016 (SonicWall SMA100 SSL VPN), CVE-2021-26084 (Atlassian Confluence), CVE-2021-26855 (Microsoft Exchange), CVE-2021-27101 (Accellion FTA), CVE-2021-27102 (Accellion FTA), CVE-2021-27103 (Accellion FTA), and CVE-2021-27104 (Accellion FTA).

Others include CVE-2021-30116 (Kaseya VSA), CVE-2021-34473 (Microsoft Exchange), CVE-2021-34523 (Microsoft Exchange), CVE-2021-31207 (Microsoft Exchange), and CVE-2021-35211 (SolarWinds).

A joint report by Cyber Security Works, Securin, Cyware and Ivanti showed that the number of bugs related to ransomware attacks rose to 310 in the first quarter of 2022.

Group-IB cites the leaks of the threat actors and claims that ransomware gangs have released information from 3,500 victims, most of whom are based in the U.S. (1,655).

Ransomware gangs with the most aggressive operations in 2021 were LockBit (670) and Conti (640), while Pysa came third with data from 186 victims published on their leak sites.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Compel social media apps to toughen their privacy, trust practices, Parliament told

Committee hearing told social media apps can be exploited for propaganda and radi

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in

Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more

This episode reports on the latest ransomware attacks, and details of how a gang that scams people selling used products on

Cyber Security Today, Week in Review for the week ending November 24, 2023

This episode features discussion on Australia's decision to not make ransowmare payments illegal, huge hacks of third-party service suppliers in Canada and the U.S. and whether email and smartphone service providers are doing enough to protect

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways