What a headline, huh? That’s quite the number of infected servers found during a recently discovered and tracked malware campaign. At a very high level, this campaign focused on mass-scanning servers for specific services, cataloguing servers that responded, then feeding that list into a password brute force tool. Once infiltrated, malicious payloads were used to perform …
Indicators of RDP Brute Force Attacks
I have been investigating an incident involving two EC2 instances on AWS that were infected with ransomware, cryptocurrency miners, and other types of malware. Sounds scary, right?! Well actually, the approaches that the attackers took to get onto the hosts do not appear to be that sophisticated, and this type of attack could occur in any environment, not just in the cloud. …