SECURITY ALERT: Heimdal™ Puts out an APB on Russian Hackers Responsible for Danish Re
Quote:
Danish reseller attacks successfully thwarted by Heimdal™ Security

Following Heimdal’s discovery of the Russian hacking attack on Harbor IT, the Danish cybersecurity vendor urges everyone, companies, and home users alike, to keep on their toes. The group has yet to be apprehended by the authorities. There are no indications that Heimdal’s denunciation of the attacks will slow down or stop the criminal group. All parties affected by the recent brute-force spell have taken ample measures to prevent future occurrences and maintain the integrity of the data on the attacked devices.

Danish reseller attack revisited

Summarizing the incident – last week, Heimdal™ Security’s Incident Response and Management team discovered that an anonymous group from Moscow had attempted to illicitly gain access to Harbor IT’s host server through the means of brute-forcing the RDP port. The subsequent digital forensics analysis revealed that one of the IP addresses employed by the Muscovite group was also used in three other brute-force attempts. Heimdal’s findings helped the Danish reseller reinforce security and contain the incident. The other parties were notified about the attack.

A week later, the attackers have yet to resurface. No news about their identities or motivations. Harbor IT and the other victims haven’t registered any brute-force attempts ever since.

Our company would like to raise awareness of the dangers of brute-force attacks. Over the past couple of months, Heimdal™ has observed a resurgence in both brute-force and email phishing attacks. This spike can be explained by the lack of cybersecurity hygiene loosely associated with the work-from-home transition and, arguably, some questionable choices in IT management. These issues can be remediated through education. More than that, this cybersecurity education that we’re so fond of, must be adapted to the times we’re living in. To learn more about how to improve your cybersecurity posture, please don’t hesitate to contact a Heimdal™ Security representative.

This last section will address the concerns of our customers and partners. Heimdal’s threat mediation and remediation products (i.e. Thor Foresight Enterprise and Thor Vigilance Enterprise) can easily deal with brute-force attacks. Covering the most common and uncommon attack vectors, our cybersecurity products will secure your machines from end to end, preventing future occurrences, while giving you the necessary tools to create actionable, case-specific reports. In Thor Vigilance, the RDP port is closely monitored for brute-force attacks and other malware types that are trying to infiltrate the machine through this point. The active monitoring of your RDP port also deters ransomware and DNS hijacking.

Conclusion

The challenge of tackling present and future malware is predicting where the threat actors will strike next before they do. In all likelihood, it’s like a game of chess played on a virtual board with no pieces.
...