🛡️ RDP Exploits & Supply Chain Risks
Fines, leaks, and hacks—key cyber updates
In this week's Neeve issue, we're unpacking the surge of RDP-based ransomware that's making headlines. CISA just released their Red Team playbook (and it's revealing), while weak VPN credentials continue fueling the ransomware fire.
Coming up this week:
🛡️ Ransomware Surge via RDP Exploits
🔴 CISA Unveils Red Team TTPs
👾 Weak VPN Credentials Drive Ransomware
🗞️ Further Alerts & Insights
🛡️ Ransomware Surge via RDP Exploits
- Elpaco ransomware is exploiting weak Remote Desktop Protocol (RDP) setups to deploy payloads.
- Attackers brute-force RDP credentials to gain full network access.
- Systems without multi-factor authentication (MFA) or with exposed RDP ports are primary targets.
- Elpaco's payload encrypts critical data, demanding payment in cryptocurrency.
🤔 The Bigger Picture:
RDP remains a top attack vector for ransomware campaigns, yet many organizations fail to secure it adequately. Implementing MFA and restricting RDP access to trusted IPs can significantly lower risk. A proactive approach to securing remote access is critical for hybrid or fully remote workforces.
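The two controls named above (an allow-list of trusted source IPs and watching for brute force) can be checked directly in Windows logon events. The following is an added example, not code from the newsletter: it runs over constructed Security-log-style lines (event 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP) and flags RDP logons from outside a hypothetical trusted range, bursts of failures from one source, and, most importantly, a success that follows such a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs) shaped like Windows Security entries:
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP session.
SAMPLE_EVENTS = """\
2024-12-02T08:00:01 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-12-02T08:00:04 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-12-02T08:00:07 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.45
2024-12-02T08:00:09 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-12-02T08:00:12 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-12-02T08:00:20 EventID=4624 LogonType=10 TargetUser=admin SourceIP=203.0.113.45
2024-12-02T08:05:30 EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=10.0.5.20
2024-12-02T09:00:00 EventID=4624 LogonType=3 TargetUser=svc-backup SourceIP=198.51.100.7
"""

# Hypothetical policy values: the networks RDP may come from, and the failed-logon
# rate per source IP that we treat as brute force.
TRUSTED_RDP_SOURCES = ("10.0.5.",)   # prefix match is enough for this demo
FAIL_THRESHOLD, WINDOW = 5, timedelta(minutes=1)

LINE_RE = re.compile(r"(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"TargetUser=\S+ SourceIP=(?P<ip>\S+)")

def detect_rdp_abuse(text):
    """Return sorted (alert, source_ip) pairs found in the log text."""
    alerts = set()
    failures = defaultdict(deque)   # ip -> timestamps of recent 4625 events
    burst_ips = set()               # ips that crossed FAIL_THRESHOLD
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["lt"]) != 10:
            continue                # malformed line or not an RDP logon
        ts, eid, ip = datetime.fromisoformat(m["ts"]), int(m["eid"]), m["ip"]
        if not ip.startswith(TRUSTED_RDP_SOURCES):
            alerts.add(("rdp_from_untrusted_source", ip))   # allow-list violation
        if eid == 4625:
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > WINDOW:   # forget failures outside the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                alerts.add(("rdp_bruteforce", ip))
                burst_ips.add(ip)
        elif eid == 4624 and ip in burst_ips:
            # a success after a burst of failures is the event that needs a response
            alerts.add(("rdp_bruteforce_success", ip))
    return sorted(alerts)
```

On the sample data the untrusted source trips all three alerts, while the trusted user's session and the non-RDP service logon produce none.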
🔴 CISA Unveils Red Team TTPs
- CISA released a detailed report on tactics, techniques, and procedures (TTPs) used by its red teams during security assessments.
- The report focuses on common vulnerabilities, including phishing, misconfigured networks, and unpatched systems.
- Guidance includes defensive measures such as network segmentation, monitoring for lateral movement, and improving incident response.
🤔 The Bigger Picture:
By revealing red team TTPs, CISA equips organizations with actionable insights to strengthen their defenses. This transparency helps security teams identify and address weak points in their networks before attackers exploit them. Incorporating these learnings into regular security drills can significantly improve resilience.
👾 Weak VPN Credentials Drive Ransomware
- Attackers are exploiting weak VPN credentials to breach corporate networks, targeting two critical vulnerabilities (CVE-2024-5921 and CVE-2024-29014).
- Poor password policies and lack of multi-factor authentication (MFA) leave VPNs open to brute-force attacks.
- These breaches have led to ransomware deployment, data exfiltration, and extended downtime for victims.
🤔 The Bigger Picture:
Remote work relies heavily on VPNs, but their security vulnerabilities make them a target for attacks. Enforcing MFA, strong password policies, and prompt patching of vulnerabilities is crucial for organizations. Boosting VPN security helps to avoid costly breaches and ransomware attacks.
Further Alerts & Insights
📰 Blue Yonder Ransomware Disrupts Supply Chains
A ransomware attack on Blue Yonder halted U.S. supply chain operations, affecting logistics and retail services. Disruptions include delayed deliveries, inventory shortages, and knock-on effects on major retail networks. The incident highlights vulnerabilities in third-party logistics software platforms.
📰 First UEFI Bootkit for Linux Found
Researchers discovered Bootkitty, the first UEFI bootkit targeting Linux. The malware embeds itself in firmware, making it highly persistent and hard to detect.
📰 Pacemaker Vulnerabilities Expose Patients to Risk
Researchers uncovered critical vulnerabilities in pacemaker technology, allowing remote tampering with device settings. Issues include insecure communication protocols and outdated software in devices and management systems. Attackers could disrupt or disable pacemaker functions, posing life-threatening risks.
📰 Ransomware Payment Demands Skyrocket
Average ransomware payment demands increased by 35% in 2024, with healthcare and critical infrastructure sectors hit hardest. Attackers are employing double and triple extortion tactics, including threats to leak data or attack customers. Many organizations face increasing pressure to pay due to regulatory fines, reputational damage, and downtime costs.
📰 RomCom Backdoor Exploits New CVEs
RomCom malware is leveraging two critical vulnerabilities, CVE-2024-9680 and CVE-2024-49039, to deploy backdoors in targeted networks. Attackers use phishing campaigns to distribute malicious documents exploiting these flaws in unpatched systems. The backdoor enables data exfiltration, lateral movement, and the installation of additional payloads.