mashiat
May 8th, 2019, 17:57
سلام دوستان
روی یکی از سرورهای هتزنر ما چنین ابیوزی اومده :
> Remote Desktop Protocol (RDP) developed by Microsoft is a proprietary
> network protocol for remote administration of Windows systems.
> The RDP service is using port 3389/tcp by default.
>
> Malicious actors take advantage of RDP services openly accessible from
> anywhere on the Internet for gaining unauthorized access to the
> victims' systems by performing brute-force attacks on weak passwords
> or abusing stolen login credentials. On the dark market, thousands of
> stolen login credentials for RDP services all over the world are sold.
> Those credentials usually have been harvested by malware on the hosts
> used for remote administation of the affected systems.
>
> In the past months, malicious actors more often installed ransomware
> on the compromised systems to encrypt data and subsequently demand
> ransom from the owners of the systems for the decryption of the data.
>
> To protect against such kind of attacks, CERT-Bund recommends
> restricting access to RDP services to trusted source IPs or using a
> secure *** connection for accessing the RDP service.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Subject common name
>
>
> We would like to ask you to look into this matter or notify your
> customers accordingly.
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
>
>
> Mit freundlichen Gren / Kind regards
> Team CERT-Bund
>
> Bundesamt fr Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat CK22 - CERT-Bund
> Godesberger Allee 185-189, 53175 Bonn, Germany
معنیش چیه ؟ ریموت دسکتاپ مشکل داره ؟ ویروس و بدافزار گرفته ؟
روی یکی از سرورهای هتزنر ما چنین ابیوزی اومده :
> Remote Desktop Protocol (RDP) developed by Microsoft is a proprietary
> network protocol for remote administration of Windows systems.
> The RDP service is using port 3389/tcp by default.
>
> Malicious actors take advantage of RDP services openly accessible from
> anywhere on the Internet for gaining unauthorized access to the
> victims' systems by performing brute-force attacks on weak passwords
> or abusing stolen login credentials. On the dark market, thousands of
> stolen login credentials for RDP services all over the world are sold.
> Those credentials usually have been harvested by malware on the hosts
> used for remote administation of the affected systems.
>
> In the past months, malicious actors more often installed ransomware
> on the compromised systems to encrypt data and subsequently demand
> ransom from the owners of the systems for the decryption of the data.
>
> To protect against such kind of attacks, CERT-Bund recommends
> restricting access to RDP services to trusted source IPs or using a
> secure *** connection for accessing the RDP service.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Subject common name
>
>
> We would like to ask you to look into this matter or notify your
> customers accordingly.
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
>
>
> Mit freundlichen Gren / Kind regards
> Team CERT-Bund
>
> Bundesamt fr Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat CK22 - CERT-Bund
> Godesberger Allee 185-189, 53175 Bonn, Germany
معنیش چیه ؟ ریموت دسکتاپ مشکل داره ؟ ویروس و بدافزار گرفته ؟