Cyber-demic’s Dark Side

March 2021

A monthly digest on dark web activity which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams, major data breaches, as well as general ID theft protection, data trends, tips and recommendations.

---------------------------------------------------------------------------------------------------------------

Not R2-D2, it’s RDP

One year in and we’re all pretty settled working from home but we can’t get too comfortable…There is continued risk for those who are working over Remote Desktop Protocol (RDP) instead of a more secure VPN…While RDP is a quick and cheap tool to allow for collaboration between offsite employees, it brings with it the risk of ports being left freely accessible to outsiders…CybelAngel analysts reviewed data last year to determine the number of unsecured RDP ports observed and it grew significantly, while attacks targeting RDP increased by 768% between Q1 and Q4 last year, according to ESET’s Q4 2020 Threat Report…Read about how insecure and unprepared companies are to protect themselves from attacks and data breaches due to the pandemic in my colleague Michael Bruemmer’s post.

North Korea wants your Bitcoins

Recently, the US government unsealed indictments against three members of North Korea's military intelligence agency, Reconnaissance General Bureau (aka RGB), for their alleged role in numerous cyberattacks in recent years that resulted in the theft of more than $1.3 billion from organizations worldwide, which includes targeting organizations conducting cryptocurrency transactions since 2018...According to the DoJ, at least some of the malicious activities the three individuals are accused of participating in occurred while they were stationed as RGB operatives in China, Russia, and other countries...So be careful, as the price of crypto rises these attacks will only get more bold and more ingenious...Make sure you are downloading apps from approved and well-known sites and vendors only and have anti-virus running to scan these apps...And spend the extra money to store your coins in a hardware wallet so even if an exchange is breached your private keys and tokens are safe.

SolarWinds Mystery

A few months have passed and there is still no clear answer on how the threat actors gained access in the SolarWinds attack...According to the company, current evidence suggests that the most likely attack vector was through a credential compromise or access through a zero-day vulnerability in a third-party app, while they also confirmed that an email account belonging to one of its employees was compromised and used to gain access to other accounts in the system...Some cyber researchers have even gone so far as to attribute the attack to Cozy Bear (APT29), an APT group that for some time has been associated with Russia's military intelligence apparatus, but the official threat actor still remains unverified.
