![]() Today, they account for under a tenth of a percent of detections. At one point, AUTORUN.INF-based worms accounted for nearly a quarter of threats encountered by ESET’s software. A feature since Windows 95 was released in 1995, AutoRun was heavily abused to propagate worms like Conficker. Microsoft then backported this change to all previous versions of Windows, although not perfectly the first time. Windows 7 came with support for AutoRun (AUTORUN.INF) disabled. The last time I remember seeing such a widespread change was when Microsoft released Windows 7 in 2009. RDP remains widely used, and this means that attackers are going to continue conducting research into vulnerabilities that they can exploit.įor a class of exploits to disappear, whatever is vulnerable to them has to stop being used. In this instance, seeing attempts to exploit a vulnerability like BlueKeep decrease over time seems like good news. Some of that criticism is valid, but security is always an ongoing process: new threats are always emerging. One of the oft-heard complaints about computer security companies is that they spend too much time talking about how security is always getting worse and not improving, and that any good news is infrequent and transitory. CVE-2019-0708 “BlueKeep” detections worldwide (source: ESET telemetry) So, we have done just that: a new version of our 2020 paper, now titled Remote Desktop Protocol: Configuring remote access for a secure workforce, has been published to share that information.įigure 1. According to our threat report for the first four months of 2022, over 100 billion such attacks were attempted, over half of which were traced back to Russian IP address blocks.Ĭlearly, there was a need to take another look at the RDP exploits that were developed, and the attacks they made possible, over the past couple of years to report what ESET was seeing through its threat intelligence and telemetry. That paper can be found here on ESET’s corporate blog, in case you are curious.Ībout the same time this change was occurring, ESET re-introduced our global threat reports, and one of the things we noted was RDP attacks continued to grow. To help those IT departments, particularly the ones for whom a remote workforce was something new, I worked with our content department to create a paper discussing the types of attacks ESET was seeing that were specifically targeting RDP, and some basic steps to secure against them. The same, though, could not be said for many organizations around the world, who either had to set up access for their remote workforce from scratch or at least significantly scale up their Remote Desktop Protocol (RDP) servers to make remote access usable for many concurrent users. Many of ESET’s employees were already accustomed to working remotely part of the time, and it was largely a matter of scaling up existing resources to handle the influx of new remote workers, such as purchasing a few more laptops and VPN licenses. I switched from Vipre on Exchange to ESET as VIPRE wasn't cutting the mustard, now ESET is bullish and very "alpha".Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop ProtocolĪs the COVID-19 pandemic spread around the globe, many of us, myself included, turned to working full-time from home. ![]() We've had the software for a little under two weeks and man, I am ready to uninstall.but obviously I need something. The Exchange software tanks my Exchange Server many times a day - to the extent that I routinely disable/enable the features just to have Outlook start "responding" again. Those businesses that are using my setup - or similar: I'd love to hear are the "What I learned and you shouldn't/should do because I didn't/did." accounts from users in the trenches. I took it off and plan to (but haven't yet) installed v4 again. On our terminal server, I installed v5 and havoc ensued. ![]() The last bullet above is sort of the key for now, as the NOD32 v4 still communicates with the Endpoint Server and doesn't seem to give the users any guff. + ESET NOD32 Client v4 on a blend of Windows 7 32/64 and a few Win XP ![]() Workstations -> ESET Endpoint Client v5 on a blend of Windows 7 32/64.Server #2 (Exchange 2010) -> ESET Mail Security for Exchange.Server #1 (Remediation) -> ESET Endpoint Server + Remote Administrator.I am replying to this string for two reasons: to share what seems to be working for us, and also to glean any information you might have to offer US, as we too just upgraded.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |