Following Heimdal’s discovery of the Russian hacking attack on Harbor IT, the Danish cybersecurity vendor urges everyone, companies, and home users alike, to keep on their toes. The group has yet to be apprehended by the authorities. There are no indications that Heimdal’s denunciation of the attacks will slow down or stop the criminal group. All parties affected by the recent brute-force spell have taken ample measures to prevent future occurrences and maintain the integrity of the data on the attacked devices.
Danish reseller attack revisited
Summarizing the incident – last week, Heimdal™ Security’s Incident Response and Management team has discovered that an anonymous group from Moscow has attempted to illicitly gain access to Harbor IT’s host server through the means of brute-forcing the RDP port. The subsequent digital forensics analysis revealed that one of the IP addresses employed by the Muscovite group was also used in three other brute-force attempts. Heimdal’s findings helped the Danish reseller reinforce security and contain the incident. The other parties were notified about the attack.
A week later, the attackers have yet to resurface. No news about their identities or motivations. Harbor IT and the other victims haven’t registered any brute-force attempts ever since.
Antivirus is no longer enough to keep an organization’s systems secure.
Thor Foresight Enterprise
Is our next gen proactive shield that stops unknown threats
before they reach your system.
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Automatic patches for your software and apps with no interruptions;
- Protection against data leakage, APTs, ransomware and exploits;
Our company would like to raise awareness of the dangers of brute-force attacks. Over the past couple of months, Heimdal™ has observed a resurgence in both brute-force and email phishing attacks. This spike can be explained by the lack of cybersecurity hygiene loosely associated with the work-from-home transition and, arguably, some questionable choices in IT management. These issues can be remediated through education. More than that, this cybersecurity education that we’re so fond of, must be adapted to the times we’re living in. To learn more about how to improve your cybersecurity posture, please don’t hesitate to contact a Heimdal™ Security representative.
This last section will address the concerns of our customers and partners. Heimdal’s threat mediation and remediation products (i.e. Thor Foresight Enterprise and Thor Vigilance Enterprise) can easily deal with brute-force attacks. Covering the most common and uncommon attack vectors, our cybersecurity products will secure your machines from end to end, preventing future occurrences, while giving you the necessary tools to create actionable, case-specific reports. In Thor Vigilance, the RPD port is closely monitored for brute-force attacks and other malware types that are trying to infiltrate the machine through this point. The active monitoring of your RDP port also deters ransomware and DNS hijacking.
Conclusion
The challenge of tackling present and future malware is predicting where the threat actors will strike next before they do. In all likelihood, it’s like a game of chess played on a virtual board with no pieces.