Incident Details
Sophos's Active Adversary reports in 2021 highlighted a significant increase in RDP abuse, with data collected from 2020 showing the highest incidence recorded. Among the various vectors used by attackers for network breaches, external remote services like RDP stood out as the most prevalent, being the entry point in 65% of Incident Response (IR) cases in 2023. Since the inception of the Active Adversary reports in 2020, external remote services have remained the most common method of initial access for cybercriminals.
Incident
How Did the Breach Happen?
In 90% of the attacks, cybercriminals exploited Remote Desktop Protocol (RDP) to gain initial access by successfully carrying out brute force attacks on exposed RDP ports.
What Data has been Compromised?
Evidence found in compromised incidents shows instances of data exfiltration and theft, where attackers have taken sensitive information from the affected organizations' networks.
Why Did the company's Security Measures Fail?
The failure of the company's security protocols occurred because the RDP ports were consistently left exposed to the internet and there was a lack of implementation of multi-factor authentication (MFA) for crucial services, which enabled attackers to exploit these weaknesses on numerous occasions.
What Immediate Impact Did the Breach Have on the company?
The breach quickly led to several successful compromises in a short span of time, resulting in a series of attacks and incidents occurring over a six-month period. This series of events caused significant disruptions and raised security concerns within the company.
How could this have been prevented?
Preventing this breach would have been possible by securing exposed RDP ports, activating multi-factor authentication (MFA), and following the essential security measures and guidelines suggested by cybersecurity professionals.
What have we learned from this data breach?
The significance of embracing fundamental security precautions like shutting down vulnerable RDP ports, activating multi-factor authentication (MFA), and persistently overseeing and safeguarding critical services to avoid repeated occurrences has been highlighted by this data breach.
Summary of Coverage
The incident that occurred in 2023 underscores the urgent importance for companies to tackle basic security weaknesses, like the visibility of RDP ports and absence of MFA deployment, in order to avoid recurrent breaches and safeguard their networks proficiently.