- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: Primary infection methods for malware remain social engineering, targeted phishing emails and Remote Desktop Protocols.
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Primary infection methods for malware remain social engineering, targeted phishing emails and Remote Desktop Protocols.
While targeting specific companies is potentially more labour-intensive and technically challenging, requiring the attackers to follow the cyber kill-chain, it also means that attackers are able to pitch the ransom for decrypting
the victim’s files based on the victim’s perceived ability to pay. For example, there are cases where a company’s encrypted files have been ransomed for over EUR 1 million.
Such targeted cyber-attacks require specific tactics to infect the target network. The trend in the use of social engineering and targeted phishing emails as a primary infection method continues from last year. Some reports highlight that as many as 65 % of groups rely on spear-phishing as their primary infection vector. The use of vulnerable RDPs also continues to grow. Attackers can either brute force access to a target’s RDP or often can buy access to the target network on a criminal forum. In this area, the importance of patching once again becomes apparent. In May 2019, for example, Microsoft published the security vulnerability CVE-2019-0708, named sometime later as BlueKeep.
An attacker can exploit this vulnerability by connecting via RDP to the target machine and sending specifically crafted requests. This particular vulnerability does not require either victim interaction nor user authentication, allowing any attacker who succeeds in exploiting the vulnerability to execute arbitrary code on the compromised machine. The exploit works completely filelessly, providing full control of a remote system without having to deploy any malware. In addition, it also does not require an active session on the target.
Almost one million devices may be vulnerable to this exploit .