


If there’s an unexploited niche caused by insecure software or behaviour then sooner or later a crook is going to wiggle into it and attempt to use it as a way to make money from someone else’s misery.

Sophos has recently uncovered a new ecological niche in the great internet hack-o-sphere that’s equal parts low-cunning and directness: crooks who are breaking into computers one at a time and running ransomware on them manually – clickety click – in the same way that you might run Word, Notepad or Solitaire.

We normally think of ransomware as something that’s catapulted into victims’ computers using some form of mass distribution. For example, the criminals behind WannaCry and NotPetya used a stolen NSA exploit to create worms that copied themselves from one computer to another, encrypting files, demanding ransoms and creating mayhem as they zig-zagged through and between networks.

Why bother with worms and exploits when you can simply sign up for crimeware online and click a button to crank out booby-trapped email attachments?

Phishing is a numbers game: most of your emails won’t get through, many of those that do will go unread, and even those that get opened may find themselves hitting a brick wall – a patched system, for example, or a user who realises that something phishy is going on and stops just short of getting infected.

The phishing crooks only make money if they can repeatedly find new ways to persuade users to open emails and do things their IT team have warned them about, such as saving attachments to disk and then launching them, or opening Office documents and deliberately enabling macros. For this reason, some cybercriminals have decided that if you want something doing properly, you have to do it yourself.

Many companies, notably small businesses, outsource their IT to, or pay for lots of help from, outside contractors. These contractors might live in another part of town, or elsewhere in the country, or even on the other side of the world.

To let remote sysadmins look after your Windows networks, the most widely-used tool is Microsoft’s own Remote Desktop Protocol, or RDP for short.

RDP, for those who haven’t used it, effectively turns your IT guy’s laptop into a remote screen, keyboard and mouse connected over the internet to your local computer. When they move their mouse in the RDP client software far away, they’re controlling your computer; when a software dialog pops up, they see it on their remote computer. RDP is like being right there, and allows remote use even of fully-graphical applications that can’t be scripted or operated via a command prompt.

In other words, the RDP password you’ve chosen for your remote sysadmin (or that you’ve let them choose for themselves) is essentially the key to your office – a weak password is like a server room door that’s propped open, inviting any passing snooper to take a look inside. So, if the crooks notice that you’ve got RDP open to the internet, for example by using a network search engine such as Shodan, you can be sure they’ll take a poke around. Sophos security experts who’ve investigated a spate of recent RDP attacks have frequently found evidence that a tool called NLBrute was used to try a whole range of RDP passwords – a so-called brute force attack – in the hope of sneaking in.

Once they’ve got your RDP password – whether they use NLBrute, or simply look you up on Facebook to find your birthday and your pet’s name – they’ll log on and immediately create various brand new administrative accounts. That way, even if you get rid of the crooks and change your own admin password, they’ve already got backup accounts they can use to sneak back in later.

Thanks to Sophos security experts Peter Mackenzie and Paul Ducklin for their behind-the-scenes work on this article.
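The two traces the article describes, a burst of failed RDP logons from one address followed by a fresh administrative account being created, both land in the Windows Security event log, so a defender can look for them. The script below is an added example, not code from the Sophos article or its authors: it parses a small set of constructed, pipe-delimited event records (the field layout, host names and IP addresses are made up for the example; the event IDs 4625, 4624, 4720 and 4732 and logon type 10 are the real Windows values for failed logon, successful logon, account created, member added to a local group, and RemoteInteractive/RDP) and flags both patterns.

```python
"""Spot RDP brute force and follow-up backdoor admin accounts in sample
Windows Security events (added example; constructed log data)."""
from collections import defaultdict
from datetime import datetime, timedelta


def _failed(ts, user, ip):
    # Constructed record layout: "<timestamp>|<event_id>|key=value;key=value"
    return f"{ts}|4625|LogonType=10;TargetUser={user};IpAddress={ip}"


# Constructed sample log: a benign account creation, a few stray RDP failures,
# then 12 failures in one minute from 203.0.113.7, a successful RDP logon from
# the same address, and a new account created and added to Administrators.
SAMPLE_LOG = (
    ["2018-07-12T01:05:00|4720|SubjectUser=it.helpdesk;TargetUser=helpdesk2"]
    + [_failed(f"2018-07-12T01:3{m}:00", "administrator", "198.51.100.5") for m in range(3)]
    + [_failed(f"2018-07-12T02:14:{s:02d}", "administrator", "203.0.113.7") for s in range(0, 60, 5)]
    + [
        "2018-07-12T02:15:10|4624|LogonType=10;TargetUser=administrator;IpAddress=203.0.113.7",
        "2018-07-12T02:16:40|4720|SubjectUser=administrator;TargetUser=svc_backup",
        "2018-07-12T02:16:55|4732|GroupName=Administrators;MemberName=svc_backup",
    ]
)


def parse_event(line):
    """Turn one constructed record into a dict with a datetime and int event_id."""
    ts, event_id, fields = line.split("|", 2)
    rec = {"time": datetime.fromisoformat(ts), "event_id": int(event_id)}
    for kv in fields.split(";"):
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec


def find_brute_force(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: peak failures} for sources with at least `threshold`
    failed RDP logons (4625, logon type 10) inside any `window`-long span."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e.get("LogonType") == "10":
            by_ip[e["IpAddress"]].append(e["time"])
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[ip] = peak
    return hits


def find_backdoor_accounts(events, window=timedelta(minutes=30)):
    """Flag accounts created (4720) within `window` after a successful RDP logon
    (4624, type 10) by the creating user and then added to Administrators (4732)."""
    rdp_logons = [e for e in events if e["event_id"] == 4624 and e.get("LogonType") == "10"]
    admin_adds = {e["MemberName"] for e in events
                  if e["event_id"] == 4732 and e.get("GroupName") == "Administrators"}
    findings = []
    for e in events:
        if e["event_id"] != 4720:
            continue
        creator = e["SubjectUser"]
        prior = [l for l in rdp_logons
                 if l["TargetUser"] == creator and timedelta(0) <= e["time"] - l["time"] <= window]
        if prior and e["TargetUser"] in admin_adds:
            findings.append({"account": e["TargetUser"], "created_by": creator,
                             "from_ip": prior[-1]["IpAddress"], "at": e["time"]})
    return findings


def analyse(lines=SAMPLE_LOG):
    """Run both detections over raw record lines."""
    events = [parse_event(line) for line in lines]
    return find_brute_force(events), find_backdoor_accounts(events)


if __name__ == "__main__":
    brute, backdoors = analyse()
    for ip, count in brute.items():
        print(f"brute force: {count} failed RDP logons from {ip}")
    for f in backdoors:
        print(f"backdoor: {f['account']} created by {f['created_by']} "
              f"at {f['at']} after RDP logon from {f['from_ip']}")
```

On the sample data the stray three failures from 198.51.100.5 stay below the threshold, while 203.0.113.7 is reported for the burst and svc_backup is reported as the backdoor account; the helpdesk2 creation is not flagged because no RDP logon by its creator precedes it. On a real host the same logic would be fed from the Security log export rather than the constructed lines, and the thresholds tuned to the environment.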
