Top 3 ransomware intrusion vectors — are you letting hackers in?

In an attempt to stay in business during the coronavirus pandemic, many businesses around Toronto, Markham, Mississauga and beyond converted their in-office staff into distributed teams. When restrictions are relaxed, owners and managers will have the option to return to their old setups or allow their staff to continue working remotely.

While all of these changes have been happening, another virus-like element has been spreading and causing widespread harm: ransomware. This means that after implementing physically safe work arrangements, keeping your data safe must be next on your list of priorities. To do that, we first need to look into our most significant vulnerabilities.

In cybersecurity, we like to use the fancy term “vector” to describe the very simple concept of the path or means by which bad actors gain access to your data. Here are three of the most common ransomware intrusion vectors:

Remote Desktop Protocol (RDP)

RDP is the protocol Windows computers use to connect with and control other RDP-enabled computers. To illustrate, if you’re at home on your laptop, you can use RDP to control your office PC as though you were in front of it.

Because the protocol facilitates remote work, it has been used more extensively to allow staff to work from home during the pandemic. However, long before COVID-19 flared up, RDP was already the most common delivery method for ransomware.

When ransomware attackers shifted their focus from personal accounts to corporate ones, they began by scanning the internet for exposed RDP ports of large enterprises. When they found such ports, they launched brute force attacks, and accounts with weak usernames and passwords were put up for sale. And since ransomware kits are also sold on the dark web, even budding villains can launch ransomware campaigns without much hacking expertise.

Nowadays, top-tier managed IT services providers (MSPs) have strengthened their clients’ defenses by securing their RDP connections. In response, ransomware propagators appear to be focusing on government agencies, healthcare companies, and unprotected small- and medium-sized enterprises.
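
The brute force attacks on exposed RDP ports described above leave a burst of failed logons in the Windows Security log. The following Python code is an added example, not part of the original article: it flags source addresses with repeated failed RDP logons in a short window. The event dictionaries, their field names, the thresholds and the sample data are assumptions constructed for illustration, standing in for events exported from the Security log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Windows Security event ID: an account failed to log on
RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; 3 = Network (RDP with NLA)

def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=2)):
    """Map each source IP with >= threshold failed RDP logons inside any
    sliding window to the sorted list of usernames it tried."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    tried = defaultdict(set)     # ip -> every username seen in its failures
    flagged = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ip in ("", "-", "127.0.0.1", "::1"):  # no usable remote address
            continue
        tried[ip].add(ev["user"])
        times = recent[ip]
        times.append(ev["time"])
        while ev["time"] - times[0] > window:  # drop failures older than the window
            times.popleft()
        if len(times) >= threshold:
            flagged.add(ip)
    return {ip: sorted(tried[ip]) for ip in flagged}

def _ev(ts, event_id, logon_type, ip, user):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user}

# Constructed sample events (documentation IP ranges), not real log data.
GUESSES = ["administrator", "admin", "backup", "scanner", "reception", "admin"]
SAMPLE_EVENTS = (
    # Six failures ten seconds apart from one address: password guessing.
    [_ev(f"2021-03-01T02:14:{i * 10:02d}", 4625, 3, "203.0.113.50", u)
     for i, u in enumerate(GUESSES)]
    # A staff member mistypes twice, then logs on successfully (4624).
    + [_ev("2021-03-01T08:59:10", 4625, 10, "198.51.100.7", "jsmith"),
       _ev("2021-03-01T08:59:40", 4625, 10, "198.51.100.7", "jsmith"),
       _ev("2021-03-01T09:00:05", 4624, 10, "198.51.100.7", "jsmith")]
    # Five failures an hour apart: never five inside one two-minute window.
    + [_ev(f"2021-03-01T{10 + h}:00:00", 4625, 3, "192.0.2.99", "admin")
       for h in range(5)]
)

if __name__ == "__main__":
    for ip, names in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: repeated failed RDP logons, tried {names}")
```

The hourly failures from the third address go unflagged at these settings, so slow guessing needs a longer window or a per-day count alongside this check.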

Phishing emails

These emails, which appear to come from trusted parties, carry ransomware-laced attachments or links to malicious websites that infect visitors’ machines with malware. Cybercriminals have been capitalizing on our fears surrounding COVID-19 for quite some time now, making phishing emails all the more treacherous.

Virtual private network (VPN) appliances

Despite being known for strong security, a VPN appliance may still have undiscovered or so-called “zero-day” vulnerabilities. White hat hackers and cybersecurity specialists race against cybercriminals to find these security gaps before the criminals can exploit them.

However, the good guys can’t just say that they found a vulnerability; they have to show proof that what they found is indeed a security risk. The discoveries may eventually be released into the public domain for one of two reasons:

  • The software used by the appliance is open source.
  • The disclosure was accidental.

At other times, security patches are released without any of the above happening. However, some cybercriminals go so far as to reverse-engineer the patches to find the security gaps, in the hope of finding people who don’t apply patches as soon as they become available.

However crooks get wind of the vulnerabilities, they’ll move quickly to come up with ways to exploit them. This is one of the reasons to have more than one VPN service to rely on.

Are you letting hackers into your IT systems? Organizations in Toronto and beyond trust XBASE’s Exponentially Better™ cybersecurity services to grant them invaluable peace of mind. If you’re interested in learning more about how we can protect your business, then drop us a line today.
