Malicious Actors have a new trend – brute-forcing various remote desktop SaaS services/tools like AnyDesk, GoToMyPC, Zoho Assist, RemotePC, VNC Connect, DameWare Mini Remote Control, etc. to gain unrestricted access to internal corporate networks without any obstacles. It is as simple as that, an IT guy who left a company a few years ago made that backdoor to avoid the hassle of supporting some annoying employees. This is our legacy, this is our harsh reality.
New ransomware-as-a-service (RaaS) teams like BlackCat (also known as ALPHV) target Remote Access Web vulnerabilities in unpatched or outdated firewall/VPN devices.
Here are a few things to keep in mind in order to Detect, Contain, and Eliminate such threats:
- An efficient MDR provider who can watch anomalies in users and access behavior and jump in whenever a response is required
- Use the Single sign-on authentication scheme with mandatory 2FA
- Utilize NTA or Cloud Access Security Broker (CASB) products like Accediant Interceptor, DarkTrace, PAN, Cisco Stealthwatch
- EDR
