Hackers Target RDP Servers To Gain Initial Access To Corporate Networks

Researchers have noticed an increase in vulnerabilities used in infiltrating organizations. According to cybersecurity firm Group-IB, the threat actors target remote desktop (RDP) servers that are exposed on the web for initial access into a network.

Group-IB explained that in 2021, ransomware gangs began to focus on several vulnerabilities in public-facing applications, and quickly moved to add exploits for newly uncovered security issues.

Vulnerabilities commonly used by ransomware attackers include CVE-2021-20016 (SonicWall SMA100 SSL VPN), CVE-2021-26084 (Atlassian Confluence), CVE-2021-26855 (Microsoft Exchange), CVE-2021-27101 (Accellion FTA), CVE-2021-27102 (Accellion FTA), CVE-2021-27103 (Accellion FTA), and CVE-2021-27104 (Accellion FTA).

Others include CVE-2021-30116 (Kaseya VSA), CVE-2021-34473 (Microsoft Exchange), CVE-2021-34523 (Microsoft Exchange), CVE-2021-31207 (Microsoft Exchange), and CVE-2021-35211 (SolarWinds).

A joint report by Cyber Security Works, Securin, Cyware and Ivanti showed that the number of bugs related to ransomware attacks rose to 310 in the first quarter of 2022.

Group-IB cites the leaks of the threat actors and claims that ransomware gangs have released information from 3,500 victims, most of whom are based in the U.S. (1,655).

Ransomware gangs with the most aggressive operations in 2021 were LockBit (670) and Conti (640), while Pysa came third with data from 186 victims published on their leak sites.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web