RDP Attack Escalation & Domestic Kitten APT – Expert Perspective

Expert(s): Saryu Nayyar | Informationsecuritybuzz.com

Researchers from ESET discovered a record “29 billion attempted RDP attacks across the year”, noting there was a “768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020.”

Also, Check Point researchers are reporting continued surveillance of Iranian citizens by the threat group Domestic Kitten, saying their FurBall malware can be found on everything from security apps to wallpapers and is considered a threat to the Iranian regime. A Gurucul expert offers commentary on both topics.

Saryu Nayyar | February 09, 2021

Saryu Nayyar, CEO, Gurucul

The massive increase in RDP (Remote Desktop Protocol) attacks against remote workers over the course of 2020 is no surprise, and it will almost certainly continue into 2021. The increase came with the shift to remote work necessitated by the pandemic, and threat actors have seen newly remote workers as low-hanging fruit.

Remote workers need to take care to patch their own home systems, practice good password hygiene, and enable multi-factor authentication wherever possible to help improve their own security. Organizations need to do the same, as well as review their own security stack with a focus on the remote workforce, including security analytics and tracking behavioral factors that could indicate a remote breach or a compromised account.

Domestic Kitten:

The APT (Advanced Persistent Threat) group Domestic Kitten, with its ties to the Iranian government, and their FurBall malware, is interesting in that it is evidently deployed against domestic targets within Iran. This appears to be a case of a sovereign state using malware to perform surveillance on their own citizens.

It is not surprising to see a state-level intelligence agency using these tactics, and it is almost certainly happening in other nations using their own techniques. But it does point out that users and organizations need to remain vigilant and deploy the best cybersecurity they can, whether it is in the enterprise environment or on their own personal gear.
