eLearnSecurity Cyber Security News Roundup: June 25
eLearnSecurity Launches Version 2 of Penetration Testing eXtreme
On Tuesday, June 23, eLearnSecurity released the latest version of Penetration Testing eXtreme, our most advanced pentesting course. We overhauled PTXv2 to address modern TTPs, especially Active Directory attacks. Our course designers have also created 100+ hands-on red teaming challenges spread across 11+ attack scenarios in our industry-leading labs.
In tandem with the release of PTXv2, eLearnSecurity is also celebrating Red Team Month. From now until June 30th, all our ethical hacking and red team courses are 25% off with the code RED-025. Whether you’re starting your cyber security journey or you’re a seasoned veteran ready for the next step in your career, eLearnSecurity has a course for you.
RDP Brute Force Attacks Increase as More People Work From Home
Microsoft’s Remote Desktop Protocol, which IT departments use to troubleshoot machines remotely, has seen a surge of brute force attacks since the beginning of the COVID-19 pandemic. According to Threat Post, “A successful attack would give cybercriminals remote access to the target computer with the same permissions and access to data and folders that a legitimate user would have.”
Cybercriminals are exploiting the new work-from-home environment, where millions of laptops and IoT devices are now less secure than they would have been in an office setting. The cyber security company Kaspersky published its research on RDP attacks, showing that brute force attempts rose from about 200,000 per day in January to a high of 1.5 million per day in mid-March.
Attackers scan for improperly configured RDP systems and use brute force against companies that do not implement a multi-layered approach to security, including strong passwords and multi-factor authentication.
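The brute force wave above is visible on the target host long before it succeeds. The script below is an added example (not from the eLearnSecurity post or from Kaspersky’s research) that counts failed RDP logons per source address over a sliding window and also flags a success from an address that was already brute forcing, which is the signal a defender most wants. The log records are constructed for this example and are modelled loosely on Windows Security Event ID 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP); the pipe-delimited format, the accounts and the IP addresses are invented.

```python
"""Detect RDP brute-force activity from constructed logon records.

Added example, not code from the original post. Field order is
timestamp|event_id|logon_type|account|source_ip; the values are invented.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: six rapid failures then a success from one address,
# two widely spaced failures from another, and one non-RDP failure.
SAMPLE_LOG = """\
2020-06-20T09:00:01|4625|10|administrator|203.0.113.7
2020-06-20T09:00:02|4625|10|admin|203.0.113.7
2020-06-20T09:00:02|4625|10|backup|203.0.113.7
2020-06-20T09:00:03|4625|10|administrator|203.0.113.7
2020-06-20T09:00:04|4625|10|j.smith|203.0.113.7
2020-06-20T09:00:05|4625|10|administrator|203.0.113.7
2020-06-20T09:00:07|4624|10|j.smith|203.0.113.7
2020-06-20T09:05:00|4625|10|j.smith|198.51.100.20
2020-06-20T09:30:00|4625|10|j.smith|198.51.100.20
2020-06-20T09:31:00|4624|10|j.smith|198.51.100.20
2020-06-20T09:31:05|4625|3|svc_sql|10.0.0.5
"""

FAILED_LOGON = "4625"   # Windows: "An account failed to log on"
SUCCESS_LOGON = "4624"  # Windows: "An account was successfully logged on"
RDP_LOGON_TYPE = "10"   # RemoteInteractive (Remote Desktop)


def parse_events(text):
    """Parse the constructed pipe-delimited records into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return alerts in time order.

    An 'rdp_bruteforce' alert fires once per source address when its RDP
    failures within `window` reach `threshold`; a 'success_after_bruteforce'
    alert fires for any later successful RDP logon from that address.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue  # only RDP logons are relevant to this detection
        src = ev["src"]
        if ev["event_id"] == FAILED_LOGON:
            q = recent[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "rdp_bruteforce", "src": src,
                               "failures": len(q), "at": ev["ts"]})
        elif ev["event_id"] == SUCCESS_LOGON and src in flagged:
            alerts.append({"type": "success_after_bruteforce", "src": src,
                           "account": ev["account"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

The threshold and window are deliberately parameters: a noisy help desk will need looser values than an exposed jump host, and the success-after-failures rule is the one worth paging on regardless of how the first rule is tuned.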
LinkedIn Attacks Hit European Defense Firms
Social media is a breeding ground for social engineering-related cyber crime. ESET recently reported that cyber spies posing as recruiters at the U.S. defense companies Collins Aerospace and General Dynamics compromised networks at two European corporations.
The malicious actors used fake job opportunities to connect with a target on LinkedIn and start a conversation that built trust between attacker and victim. The criminals then sent job description PDFs containing malware through LinkedIn’s messaging platform.
While malware associated with fake LinkedIn accounts is a well-trodden TTP—the U.S. accused Chinese spies of exploiting LinkedIn to recruit spies—ESET found that nation-states are still successful using this lo-fi technique. However, this is the first time ESET analysts have seen malware sent directly through LinkedIn. Usually the conversation starts on the social media platform and transitions to email.
Businesses need to understand the risks of social engineering and educate their employees on the importance of skepticism when receiving emails or social media messages from unknown people or groups. Even the most secure companies understand that the human element is a weak link that sophisticated attackers can exploit.
MaxLinear Hit with Maze Attack
The U.S.-based silicon chip manufacturer MaxLinear was hit with a Maze ransomware attack in early June. The company acknowledged the attack after the group behind Maze released customer information when its ransom demands were not met. MaxLinear also said that its operations were briefly affected by the malicious program, but that all systems are now back online.
The organization behind Maze ransomware takes a multi-tiered approach to ensure the ransom is paid. First, the attackers steal sensitive information and encrypt the organization’s systems, demanding a ransom in exchange for the decryption key. If the victim is unwilling or unable to pay, Maze releases a portion of the stolen data on a website it hosts to pressure the victim into paying.
The release of information is key to Maze’s success. Because many companies can restore their network from a recent backup after a ransomware attack, if one is available, the threat of publishing sensitive information is a strong motivating factor.
According to a FireEye report, there were more than 100 documented Maze attacks between May 2019 and May 2020. The company found multiple Russian-speaking criminals offering Maze in a Ransomware-as-a-Service scheme, in which an organized criminal enterprise works with affiliates (i.e. customers) to deploy Maze throughout the world.