2017-11-19
'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware (sophos.com)
An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'."
Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."
"Lazy" hackers? (Score:2)
You're either a hacker or you're not.
What the article talks about isn't hacking. It's using what actual hackers have made/found to maliciously exploit software for their own purposes/enjoyment.
I don't practice hacking, but I have a pretty deep respect for the actual hackers. Most of the time when the mainstream media uses the term, they're referring to script kiddies.
It shouldn't have to be repeated on a site like this that hacking isn't necessarily malicious by definition.
I used RDP ... (Score:2)
What I did was go to the registry and change the standard port from 3389 to the last 4 digits of our front office telephone and block 3389 inbound/outbound at the firewall.
Those with remote desktop privileges had to append the new port to the RDP request:
173.234.22.16:9182
That stopped that shit.
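The same change as the post above, done from an elevated PowerShell prompt rather than by hand in the registry editor. This is an added example, not the poster's own procedure: the port 9182 is the value from the post, the firewall rule names are made up here, and the final step (requiring Network Level Authentication on the listener) is an extra hardening setting the post does not mention.

```powershell
# Added example: move the RDP listener off TCP 3389 and fix up the firewall.
# Run as Administrator. The registry path and value names are the standard
# RDP-Tcp listener settings; the port number is the one from the post.
param(
    [ValidateRange(1024, 65535)][int]$NewPort = 9182   # constructed, matching the post
)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record what the listener is on now, then switch it.
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "RDP listener currently on TCP $oldPort; moving to TCP $NewPort"
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# Firewall: allow the new port in, block 3389 in both directions as the poster did.
# Rule names below are assumptions; pick whatever fits your naming scheme.
New-NetFirewallRule -DisplayName "RDP on TCP $NewPort" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'Block RDP TCP 3389 inbound' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -Action Block | Out-Null
New-NetFirewallRule -DisplayName 'Block RDP TCP 3389 outbound' -Direction Outbound `
    -Protocol TCP -RemotePort 3389 -Action Block | Out-Null

# Extra step not in the post: require Network Level Authentication, so a client
# must authenticate before a full session (and its attack surface) is set up.
Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord

# The listener only picks up the new port after Remote Desktop Services restarts
# (this disconnects active RDP sessions) or after a reboot.
Restart-Service -Name TermService -Force

# Verify: the new port should be listening and 3389 should not.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in @($NewPort, 3389) } |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Clients then connect to `host:9182` as the post describes. Moving the port only thins out the background noise from scanners that try 3389; the reply below makes the point that the new number is itself discoverable, so the brute-force problem in the summary still needs strong passwords and an account lockout policy behind the listener.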
Re: (Score:3)
Thanks, I have noted down that number now.
--your friendly network neighbourhood hacker.
Re: (Score:2)
Switching the SSH port is helpful as well, if you expose port 22 at all to the outside world. So is blocking and forcing users to use specified, non-standard VNC ports: too many personnel at home use that to work their way around workplace password management. I've personally encountered too many IT personnel who slip past their own workplace access policies by slipping a VNC installation onto their most critical servers, so they can access it as needed or share on-site screens with offsite access.
So... (Score:2)
Is that RDP thing on by default on Windows 10?
Re: (Score:3)
No, it's not. But it's _very_ common to activate it for personnel who use their more powerful desktop systems for telecommunication. It's also very standard to enable for Windows hosts in a machine room, unless you've the time and resources to set up a remote KVM or the hardware based remote consoles such as DRAC. Those hosts are often surprisingly vulnerable. The various security improvements of a server environment can be overwhelmed by the unwillingness to update, and reboot, production servers. It's als
3 ways to crack (Score:2)
Correct me if I am wrong, but there are three basic ways to crack a password.
1) Brute force - the answer to this is long passwords and to have each password attempt take twice as long as the last. i.e. the second attempt after a failure waits 5 seconds. The third attempt takes 10 seconds, the fourth takes 20 seconds, etc. For password length you can use an md5 hash of a selected read-only file. If the system is set up right it will take less mouse clicks to do than the 8 keyboard clicks currently used