Ryuk ransomware operation updates hacking techniques
By
10:15 AM
Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.
The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet.
Furthermore, using targeted phishing emails to deliver the malware continues to be a favored initial infection vector for the threat actor.
New trend for initial infection
Security researchers from the threat intelligence boutique Advanced Intelligence (AdvIntel) observed that Ryuk ransomware attacks this year relied more often on compromising exposed RDP connections to gain an initial foothold on a target network.