Email phishing attacks and brute force attacks against exposed remote desktop protocol (RDP) services are the most common methods cyber criminals are using to gain an initial foothold in corporate networks to lay the foundations for ransomware attacks.
Cybersecurity researchers at Coveware analysed ransomware attacks during the second quarter of this year and have detailed how phishing attacks and RDP attacks are the most popular entry points for starting ransomware attacks. Part of the appeal for cyber criminals is that these are low-cost to carry out while also being effective.
Phishing attacks – where cyber criminals send emails containing a malicious attachment or direct victims towards a compromised website which delivers ransomware – have slightly grown in popularity over the last quarter, accounting for 42 percent of attacks.
Meanwhile, attacks against RDP services, where cyber criminals brute force weak or default usernames and passwords – or sometimes gain access to legitimate credentials via phishing emails – remain extremely popular with ransomware groups, also accounting for 42 percent of attacks.
Both phishing and RDP attacks remain effective as they’re relatively simple for cyber criminals to carry out but, if carried out successfully, can provide them with a gateway to a whole corporate network. Breaching RDP credentials is particularly useful, because it allows attackers to enter the network with legitimate logins, making malicious activity more difficult to detect.