Cloud Threats Memo: Beware Outsourced Cyber Attacks and Compromised Credentials

The trove of 1.3 million RDP credentials leaked recently is yet again proof that, In the underground economy, initial access brokerage is a flourishing market. Cybercriminals are outsourcing the initial access stage of the attack, so they can better focus on the execution and act more quickly.

There is a wide availability of compromised credentials (such as RDP and VPN logins) on the black market: the overnight shift to remote work has led many organizations to publish their internal services without an adequate level of protection (such as multi-factor authentication or a password change policy) exposing them to brute-force or password-spraying attacks. To make matters worse, a perfect storm has hit multiple remote access technologies and on-prem services, including Exchange email servers, which have suffered an unprecedented wave of critical vulnerabilities immediately exploited by attackers. Ironically, those systems that were meant to support organizations the most during the pandemic, have become the entry points.

This is a concrete risk for organizations exposed to ransomware attacks (according to a recent report, compromised RDP accounts accounted for nearly 50% of ransomware attacks during Q1 2021), or cyber espionage campaigns.

How Netskope mitigates the risk of unsecured exposed services

Netskope Private Access allows organizations to publish resources (including RDP servers) in a simple and secure manner, embracing the Zero Trust paradigm and without the limitations of legacy remote access technologies. It is possible to publish and segment resources located in a local data center, or in a public cloud, without requiring inbound connections that can be probed by threat actors. There is also no need for any on-prem hardware device to install, patch, and maintain, which avoids scalability issues and performance bottlenecks. Finally, a check on the security posture of the endpoint is enforced before accessing the target application. A smarter and more secure way to provide remote connectivity in the “new normal.”

Stay safe!