RDP Attack Escalation & Domestic Kitten APT – Expert Perspective

By ISBuzz Team
Writer, Information Security Buzz | Feb 09, 2021 06:01 am PST

Researchers from ESET discovered a record “29 billion attempted RDP attacks across the year”, noting there was a “768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020.”  

Also, Check Point researchers are reporting continued surveillance of Iranian citizens by the threat group Domestic Kitten, saying their FurBall malware can be found on everything from security apps to wallpapers and is considered a threat to the Iranian regime. A Gurucul expert offers commentary on both topics.

Saryu Nayyar, CEO
February 9, 2021 2:35 pm

The massive increase in RDP (Remote Desktop Protocol) attacks against remote workers over the course of 2020 is no surprise, and it will almost certainly continue into 2021. The increase came with the shift to remote work necessitated by the pandemic and threat actors have seen newly remote workers as low hanging fruit.

Remote workers need to take care to patch their own home systems, practice good password hygiene, and enable multi-factor authentication wherever possible to help improve their own security. Organizations need to do the same, as well as review their own security stack with a focus on the remote workforce, including security analytics and tracking behavioral factors that could indicate a remote breach or a compromised account.

Domestic Kitten:

The APT (Advanced Persistent Threat) group Domestic Kitten, with its ties to the Iranian government, and their FurBall malware, is interesting in that it is evidently deployed against domestic targets within Iran. This appears to be a case of a sovereign state using malware to perform surveillance on their own citizens.

It is not surprising to see a State level intelligence agency using these tactics, and it is almost certainly happening in other nations using their own techniques. But it does point out that users and organizations need to remain vigilant and deploy the best cybersecurity they can, whether it is in the enterprise environment or on their own personal gear.

Last edited 2 years ago by Saryu Nayyar
