Apr 28 2021

Cloud Threats Memo: Beware Outsourced Cyber Attacks and Compromised Credentials

The trove of 1.3 million RDP credentials leaked recently is yet more proof that, in the underground economy, initial access brokerage is a flourishing market. Cybercriminals are outsourcing the initial access stage of the attack so they can better focus on the execution and act more quickly.

Compromised credentials (such as RDP and VPN logins) are widely available on the black market: the overnight shift to remote work has led many organizations to publish their internal services without an adequate level of protection (such as multi-factor authentication or a password change policy), exposing them to brute-force or password-spraying attacks. To make matters worse, a perfect storm has hit multiple remote access technologies and on-prem services, including Exchange email servers, which have suffered an unprecedented wave of critical vulnerabilities immediately exploited by attackers. Ironically, the systems that were meant to support organizations the most during the pandemic have become the entry points.
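One way to spot the brute-force and password-spraying patterns mentioned above in failed RDP logon records, as an added example that is not part of the original post. The records, IP addresses and thresholds are constructed assumptions; in practice the tuples would be parsed from failed-logon events such as Windows Security event 4625.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, source IP, username) of failed RDP logons.
# Addresses are from documentation ranges; thresholds are assumptions to tune.
WINDOW = timedelta(minutes=10)
SPRAY_MIN_USERS = 5      # distinct accounts tried by one source in WINDOW
BRUTE_MIN_FAILS = 8      # failures against one account by one source in WINDOW

def sample_events():
    t0 = datetime(2021, 4, 28, 9, 0, 0)
    ev = []
    # 198.51.100.7: one attempt each against six accounts (spraying pattern)
    for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        ev.append((t0 + timedelta(seconds=40 * i), "198.51.100.7", u))
    # 203.0.113.9: ten attempts against one account (brute-force pattern)
    for i in range(10):
        ev.append((t0 + timedelta(seconds=5 * i), "203.0.113.9", "administrator"))
    # 192.0.2.44: a user mistyping a password twice (benign)
    ev += [(t0, "192.0.2.44", "alice"), (t0 + timedelta(seconds=20), "192.0.2.44", "alice")]
    return ev

def classify(events, window=WINDOW):
    """Return {source_ip: 'spray' | 'brute-force'} for sources over threshold."""
    by_src = defaultdict(list)
    for ts, src, user in sorted(events):
        by_src[src].append((ts, user))
    findings = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            # slide the window start forward until it spans at most `window`
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= SPRAY_MIN_USERS:
                findings[src] = "spray"
                break
            if max(per_user.values()) >= BRUTE_MIN_FAILS:
                findings[src] = "brute-force"
                break
    return findings

if __name__ == "__main__":
    for src, kind in sorted(classify(sample_events()).items()):
        print(src, kind)
```

The spraying source never exceeds one failure per account, so a per-account lockout policy alone would not flag it; counting distinct accounts per source is what surfaces it.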

This is a concrete risk for organizations exposed to ransomware attacks (according to a recent report, compromised RDP accounts accounted for nearly 50% of ransomware attacks during Q1 2021), or cyber espionage campaigns.

How Netskope mitigates the risk of unsecured exposed services

Netskope Private Access allows organizations to publish resources (including RDP servers) in a simple and secure manner, embracing the Zero Trust paradigm and without the limitations of legacy remote access technologies. It is possible to publish and segment resources located in a local data center, or in a public cloud, without requiring inbound connections that can be probed by threat actors. There is also no need for any on-prem hardware device to install, patch, and maintain, which avoids scalability issues and performance bottlenecks. Finally, a check on the security posture of the endpoint is enforced before accessing the target application. A smarter and more secure way to provide remote connectivity in the “new normal.”

Stay safe!

About the author
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional with 20+ years of experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks that have occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.