Cybersecurity News in Asia

Features
- Featured
  
  Shape up against the ransomware evolution or ship out!
  
  Friday, March 31, 2023, 5:33 PM Asia/Singapore | Features, Newsletter
- Featured
  
  Generative AI: Double-edge sword or coin?
  
  Thursday, March 30, 2023, 1:34 PM Asia/Singapore | Features, Newsletter
- Featured
  
  IoT devices in healthcare – saving or endangering lives?
  
  Tuesday, March 28, 2023, 1:28 PM Asia/Singapore | Features, IoT Security, Newsletter
News
- Featured
  
  US$400,000 worth of crypto stolen via new form of clipboard injector malware
  
  Thursday, March 30, 2023, 5:39 PM Asia/Singapore | News, Newsletter
- Featured
  
  Phishing campaign targets Indonesian Instagram users and banking customers
  
  Wednesday, March 29, 2023, 9:45 AM Asia/Singapore | News, Newsletter
- Featured
  
  Fake search engine ads being used in the region to distribute RATs
  
  Monday, March 27, 2023, 10:14 AM Asia/Singapore | News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

RDP under fire: 140% surge and rising

By CybersecAsia editors | Tuesday, November 3, 2020, 9:15 AM Asia/Singapore

Bored with capitalizing on COVID-19 fears uncertainties and doubts, cybercrooks are zooming in on lax remote-desktop protocol users …

After months of abusing the COVID-19 theme in their campaigns, cybercriminals appear to have returned to their usual tactics in the Q3 2020, with a focus on attacking remote workers using the vulnerable Remote Desktop Protocol (RDP).

Telemetry from cybersecurity firm ESET has showed further growth in attacks targeting RDP which had been escalating throughout H1 this year.

While the number of unique clients targeted rose by more than a third, the total number of attack attempts has surged by 140%. Other key trends observed in Q3 were the revival of the cryptominer Emotet after months of inactivity, as well as Android banking malware surging following the source code release of the notorious mobile banking trojan Cerberus.

Jiří Kropáč, Head of Threat Detection Labs, ESET, commented: “The continued rise in RDP attacks may be a result of the growing number of poorly-secured systems being connected to the internet during the pandemic, or possibly other criminals taking inspiration from ransomware gangs in targeting RDP.”

Other findings by the firm include:

More Wi‑Fi chips have been determined to be vulnerable to KrØØk-like bugs: the Microsoft Azure Sphere development kit; chips by MediaTek (on the Asus RT-AC52U router) for which patches have since been issued.
Mac malware (GMERA) bundled with the Kattana cryptocurrency trading application.
An entirely new Linux malware CDRThief—targeting Linux VoIP soft switches to exfiltrate various private data including call detail records (CDRs) for cyberespionage or for VoIP fraud.
A triple threat in regard to cryptocurrencies called KryptoCibule in the Czech Republic and Slovakia.
Details of campaigns leveraging malicious MAXScripts targeting Autodesk 3DS Max.
The spread of Latin American banking trojans Grandoreiro, Mekotio and Mispadu to Europe, new activity of the state-sponsored TA410 threat group.
Information on three modules added to the arsenal of the Gamaredon Group: an SFX archive containing BAT and VBS files; a module using both .BAT and VBS scripts that inject malicious macros into existing documents and also replace the Microsoft Word templates “Normal.dotm” and “NormalEmail.dotm” with malicious versions; and finally an SFX archive containing scripts to scan compromised systems (local and mapped drives) for archives and executables with specific filenames, and modify them.