Written by: Vikram Navali, Senior Technical Product Manager – Threat actors often target remote services to gain unauthorized access to internal systems and launch ransomware attacks. Once inside the victim’s network, their goal is to exploit remote services, move laterally, and gain access to remote systems, primarily targeting Domain Controllers, file shares, and similarly high-value servers. According to the DFIR 2021 Year In Review report (dated March 7, 2022), 27% of lateral movement techniques resulted in the use of interactive connections such as AnyDesk, RDP, VNC, etc.
Written by: Mike Parkin, Product Marketing Engineer – A recent blog post by Ionut Arghire over at SecurityWeek highlighted both Remote Desktop Protocol (RDP) attacks and attackers using obfuscation and encryption techniques to mask communication while they’re leveraging RDP. It’s an interesting read, and it goes into some depth on the specific tools and techniques involved.