According to new data on billions of cyberattacks recorded in 2023, attackers are cherry-picking legacy vulnerabilities and Remote Desktop Protocol (RDP) endpoints.
Honeypot sensors deployed by insurer Coalition in the UK have recorded 5.8 billion attacks so far in 2023, which equates to around 17 million attacks per day.
Three-quarters (76%) of these attacks targeted RDP, which enables home workers to connect to Microsoft Windows desktops in the office.
This is a particularly popular method for ransomware actors, as RDP is often exposed through misconfigured access controls. According to the latest data from Coveware, RDP attacks accounted for about 25% of initial access in ransomware attacks in Q3 2023.
Simon Bell, UK security researcher at Coalition, said: "Nearly three-quarters of the attacks recorded in 2023 are from RDP, which is a scary idea for businesses as remote work is here to stay."
"These attacks are completely preventable and can lead to catastrophic disruption or financial losses," he said. "To mitigate these risks, we recommend disabling the service as soon as no one is using it, or allowing only employees who need it."
Unpatched legacy vulnerabilities on Coalition honeypots are also often targeted by threat actors. The most commonly targeted are two pre-2023 CVEs that affect F5 BIG-IP.
"Attackers often target old vulnerabilities to exploit," Bell said. "This is due in part to the availability of open exploits of these vulnerabilities, giving hackers a usable playbook to successfully execute the attack."
It's also because attackers know that organizations may be slow to patch their software, exposing their systems to these known vulnerabilities. Attackers can then exploit outdated software and easily accessible public vulnerabilities to attack these systems.
"Just one critical vulnerability that hasn't been patched increases the likelihood of a claim by 33 percent for affiliate policyholders," Bell warned. "Those who continue to use end-of-life software that is no longer supported by the manufacturer are three times more likely to suffer a security incident."