RDP Attack Escalation & Domestic Kitten APT – Expert Perspective

Researchers from ESET discovered a record “29 billion attempted RDP attacks across the year”, noting there was a “768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020.”  

Also, Check Point researchers are reporting continued surveillance of Iranian citizens by the threat group Domestic Kitten, saying their FurBall malware can be found on everything from security apps to wallpapers and is considered a threat to the Iranian regime. A Gurucul expert offers commentary on both topics.

Expert Comments

February 09, 2021
Saryu Nayyar
CEO
Gurucul

The massive increase in RDP (Remote Desktop Protocol) attacks against remote workers over the course of 2020 is no surprise, and it will almost certainly continue into 2021. The increase came with the shift to remote work necessitated by the pandemic, and threat actors have seen newly remote workers as low-hanging fruit.

Remote workers need to take care to patch their own home systems, practice good password hygiene, and enable multi-factor authentication wherever possible to help improve their own security. Organizations need to do the same, as well as review their own security stack with a focus on the remote workforce, including security analytics and tracking behavioral factors that could indicate a remote breach or a compromised account.

Domestic Kitten:

The APT (Advanced Persistent Threat) group Domestic Kitten, with its ties to the Iranian government, and their FurBall malware, is interesting in that it is evidently deployed against domestic targets within Iran. This appears to be a case of a sovereign state using malware to perform surveillance on their own citizens.

It is not surprising to see a state-level intelligence agency using these tactics, and it is almost certainly happening in other nations using their own techniques. But it does point out that users and organizations need to remain vigilant and deploy the best cybersecurity they can, whether it is in the enterprise environment or on their own personal gear.
