Microsoft’s warning, in other words, is “You may have been hacked and don’t know it”: the fact that hackers have not threatened to leak your data does not mean they have not already taken it.
Ransomware attacks, usually aimed at extorting money, did not stop even during the global coronavirus crisis. Contrary to recent reports that hackers had pledged not to attack hospitals, medical companies and government institutions, new file-encrypting malware was released in the first weeks of April, causing chaos.
Microsoft’s Threat Protection Intelligence Team points out that “hackers have been compromising target networks for quite some time now and are waiting to monetize their attacks when it brings the greatest financial benefit. Many of these attacks began with the compromise of vulnerable devices, while others used brute force against RDP servers. In this way, malicious users gain access to system administrator accounts.”
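The brute-force route into RDP that Microsoft describes leaves a recognisable trail in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address, often spraying several account names, sometimes followed by a successful logon (Event ID 4624) from the same address. The detection logic below is an added example, not code from the original article or from Microsoft. The events it runs over are constructed sample data, not real logs; the field names (`time`, `event_id`, `logon_type`, `src_ip`, `user`) are an assumed normalised form such as a SIEM would produce, and the five-failures-in-five-minutes threshold is an illustrative default.

```python
"""Flag RDP brute-force bursts in (normalised) Windows Security events."""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625   # "An account failed to log on"
SUCCESS_LOGON = 4624  # "An account was successfully logged on"
# With Network Level Authentication enabled, failed RDP attempts are logged
# as LogonType 3 (network); without NLA they appear as LogonType 10
# (RemoteInteractive). Both are in scope; console logons (type 2) are not.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample events (assumed normalised form; not real log data).
SAMPLE_EVENTS = [
    # One external address sprays five account names in 15 seconds ...
    {"time": "2020-04-07T02:00:01", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "administrator"},
    {"time": "2020-04-07T02:00:03", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "admin"},
    {"time": "2020-04-07T02:00:05", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "backup"},
    {"time": "2020-04-07T02:00:08", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "svc_sql"},
    {"time": "2020-04-07T02:00:11", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "helpdesk"},
    {"time": "2020-04-07T02:00:14", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.7", "user": "administrator"},
    # ... and then gets in as administrator: the worst case the article describes.
    {"time": "2020-04-07T02:03:00", "event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator"},
    # A slower guesser: three failures, below the default threshold.
    {"time": "2020-04-07T02:10:00", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.9", "user": "administrator"},
    {"time": "2020-04-07T02:10:20", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.9", "user": "administrator"},
    {"time": "2020-04-07T02:10:40", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.9", "user": "administrator"},
    # A legitimate user mistyping a password once, then logging in.
    {"time": "2020-04-07T08:59:50", "event_id": 4625, "logon_type": 10, "src_ip": "198.51.100.20", "user": "jdoe"},
    {"time": "2020-04-07T09:00:05", "event_id": 4624, "logon_type": 10, "src_ip": "198.51.100.20", "user": "jdoe"},
    # A failed console logon: not RDP, must be ignored.
    {"time": "2020-04-07T09:30:00", "event_id": 4625, "logon_type": 2, "src_ip": "127.0.0.1", "user": "jdoe"},
]


def detect_rdp_bruteforce(events, window=timedelta(minutes=5), threshold=5):
    """Return {src_ip: finding} for every source with at least `threshold`
    failed RDP logons inside any `window`. Each finding records the total
    failures, how many distinct accounts were tried, and whether a
    successful RDP logon from the same source followed the burst."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO-8601 sorts lexically
        if ev["logon_type"] in RDP_LOGON_TYPES and ev["event_id"] in (FAILED_LOGON, SUCCESS_LOGON):
            by_ip[ev["src_ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [datetime.fromisoformat(e["time"]) for e in evs if e["event_id"] == FAILED_LOGON]
        users = {e["user"] for e in evs if e["event_id"] == FAILED_LOGON}

        # Sliding window over the sorted failure timestamps.
        burst_end = None
        start = 0
        for end in range(len(failures)):
            while failures[end] - failures[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = failures[end]
                break
        if burst_end is None:
            continue

        success_after = any(
            e["event_id"] == SUCCESS_LOGON and datetime.fromisoformat(e["time"]) >= burst_end
            for e in evs
        )
        findings[ip] = {
            "failed": len(failures),
            "distinct_users": len(users),
            "success_after_burst": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        severity = "COMPROMISE SUSPECTED" if finding["success_after_burst"] else "brute force"
        print(f"{ip}: {severity} - {finding['failed']} failures, {finding['distinct_users']} accounts tried")
```

The `success_after_burst` flag is what turns a noisy brute-force alert into an incident: a successful RDP logon from an address that was just guessing passwords is exactly the quiet foothold Microsoft says attackers sit on for weeks. Lower `threshold` or widen `window` to catch slow, patient guessing, at the cost of more false positives from users who mistype their password.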
MICROSOFT: “YOU MAY HAVE BEEN HACKED AND DON’T KNOW IT”
Recent campaigns have mainly targeted RDP and Virtual Desktop endpoints without multi-factor authentication enabled, systems running unsupported software such as Windows Server 2003 and 2008, misconfigured web servers, and vulnerable Citrix ADC (NetScaler) and Pulse Secure VPN systems.
Since intruders constantly scan the internet for such weaknesses, administrators who have not patched known security vulnerabilities are at a disadvantage.
What is worrying is the hackers’ new tactic for making money: they steal the data before encrypting it, then demand a ransom not to publish it. Microsoft even claims that many of the attackers retain some access to the network after payment, for future blackmail.
Microsoft’s advice is to remove PowerShell, Cobalt Strike and other penetration-testing tools that attackers use from the network.
Security experts should check:
- RDP endpoints and Virtual Desktop endpoints without MFA
- Citrix ADC systems affected by CVE-2019-19781
- Pulse Secure VPN affected by CVE-2019-11510
- Microsoft SharePoint servers affected by CVE-2019-0604
- Microsoft Exchange servers affected by CVE-2020-0688
- Zoho ManageEngine systems affected by CVE-2020-10189