Common Information

Type | Value
---|---
Value | External Remote Services - T1133
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management can also be used externally. Adversaries may use remote services to access and persist within a network. (Citation: Volexity Virtual Private Keylogging) Access to Valid Accounts to use the service is often a requirement, which could be obtained through credential pharming or by obtaining the credentials from users after compromising the enterprise network. Access to remote services may be used as part of Redundant Access during an operation.
Detection | Follow best practices for detecting adversary use of Valid Accounts for authenticating to remote services. Collect authentication logs and analyze for unusual access patterns, windows of activity, and access outside of normal business hours.
Platforms | Windows
Data Sources | Authentication logs
Permissions Required | User
Contributors | Daniel Oakley, Travis Smith, Tripwire
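The detection guidance above (collect authentication logs for the remote service, look for unusual access patterns, activity windows and off-hours logins) is easy to state and fiddly to operationalise. The script below is an added example, not part of the MISP cluster or the ATT&CK entry. It builds a per-user baseline of known source addresses from older gateway logins, then scores newer successful logins for off-hours activity and never-before-seen sources, and separately reports any external address that authenticated as many distinct accounts (the pattern seen when stolen or sprayed credentials are tried against a VPN). The JSON-lines format, the field names `ts`/`user`/`src_ip`/`result`, the 07:00-19:00 business window, the threshold of three accounts and the sample events are all constructed for the example; a real source such as Windows event 4624 with logon type 10 on an RD Gateway, a VPN appliance syslog or Citrix gateway logs would be normalised into those keys first.

```python
"""Heuristic detection over external remote-service authentication logs.

Added example, not part of the MISP/ATT&CK entry above. The log format, field
names, business window, spray threshold and sample events are assumptions made
for the example; normalise a real gateway's events into the same keys first.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, time

# Constructed sample events, one JSON object per line. The first two days are
# normal daytime logins; on the third day one external address authenticates
# as several accounts at 02:47-02:51, including an account never seen before.
SAMPLE_LOG = """\
{"ts": "2024-10-14T08:05:00", "user": "alice", "src_ip": "203.0.113.10", "result": "success"}
{"ts": "2024-10-14T09:12:00", "user": "bob", "src_ip": "198.51.100.7", "result": "success"}
{"ts": "2024-10-15T08:10:00", "user": "alice", "src_ip": "203.0.113.10", "result": "success"}
{"ts": "2024-10-16T02:47:00", "user": "alice", "src_ip": "192.0.2.99", "result": "success"}
{"ts": "2024-10-16T02:49:00", "user": "bob", "src_ip": "192.0.2.99", "result": "success"}
{"ts": "2024-10-16T02:50:00", "user": "svc_backup", "src_ip": "192.0.2.99", "result": "success"}
{"ts": "2024-10-16T02:51:00", "user": "carol", "src_ip": "192.0.2.99", "result": "failure"}
"""

BUSINESS_START = time(7, 0)   # assumed business window, in the gateway's local time
BUSINESS_END = time(19, 0)
SPRAY_THRESHOLD = 3           # distinct accounts from one source before alerting


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines into dicts with a datetime 'ts', oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def outside_business_hours(ts: datetime) -> bool:
    """Weekend, or a weekday time outside [BUSINESS_START, BUSINESS_END)."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def detect(events: list[dict], baseline_until: str) -> list[dict]:
    """Score successful logins at or after `baseline_until` (ISO 8601).

    Earlier successful logins only build the per-user baseline of known source
    IPs. Each finding lists the heuristics that fired, in a fixed order, so a
    downstream rule can weight combinations (e.g. off-hours plus new source).
    """
    cutoff = datetime.fromisoformat(baseline_until)
    known_ips: dict[str, set[str]] = defaultdict(set)
    findings = []
    for ev in events:
        if ev["result"] != "success":
            continue
        if ev["ts"] < cutoff:
            known_ips[ev["user"]].add(ev["src_ip"])
            continue
        reasons = []
        if outside_business_hours(ev["ts"]):
            reasons.append("off_hours")
        if not known_ips[ev["user"]]:
            reasons.append("first_login_for_user")   # account never used the service before
        elif ev["src_ip"] not in known_ips[ev["user"]]:
            reasons.append("new_source_for_user")    # user's usual sources exclude this IP
        known_ips[ev["user"]].add(ev["src_ip"])      # learn as we go; tune to taste
        if reasons:
            findings.append({"ts": ev["ts"].isoformat(), "user": ev["user"],
                             "src_ip": ev["src_ip"], "reasons": reasons})
    return findings


def spraying_sources(events: list[dict], threshold: int = SPRAY_THRESHOLD) -> dict[str, list[str]]:
    """Source IPs that tried (success or failure) at least `threshold` distinct accounts."""
    users: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        users[ev["src_ip"]].add(ev["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for f in detect(evs, "2024-10-16T00:00:00"):
        print(f"{f['ts']} {f['user']:<12} {f['src_ip']:<15} {','.join(f['reasons'])}")
    for ip, accounts in spraying_sources(evs).items():
        print(f"{ip} authenticated as {len(accounts)} accounts: {', '.join(accounts)}")
```

Failed logins are deliberately excluded from the per-user baseline but included in the spray count: an attacker's wrong guesses still reveal which accounts they hold names for. In production the baseline window should be days or weeks, not the single day used here, and the source-IP key is best widened to ASN or country when users roam.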
Details | Source | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2025-02-11 | 0 | Threat Landscape Report: Uncovering Critical Cyber Threats to Manufacturing Sector - ReliaQuest
Details | Website | 2025-02-04 | 89 | Abyss Locker Ransomware: Attack Flow & Defense Strategies - Sygnia
Details | Website | 2025-01-28 | 0 | CrowdStrike Falcon Earns Perfect Score in SE Labs’ Ransomware Evaluation
Details | Website | 2025-01-22 | 40 | Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc.
Details | Website | 2025-01-16 | 345 | The Feed 2025–01–16
Details | Website | 2025-01-10 | 30 | Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf
Details | Website | 2025-01-10 | 30 | Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf
Details | Website | 2024-12-12 | 7 | The Bite from Inside: The Sophos Active Adversary Report
Details | Website | 2024-12-10 | 0 | Holiday Season Cyber Threats (Part 2): Ransomware, Gift Cards, and…
Details | Website | 2024-12-03 | 10 | Gafgyt Malware Targeting Docker Remote API Servers
Details | Website | 2024-12-02 | 67 | BianLian's Shape-Shifting Tactics: From Encryption to Pure Extortion
Details | Website | 2024-11-26 | 23 | Top Cyber Attacker Techniques, August–October 2024
Details | Website | 2024-11-26 | 23 | Top Cyber Attacker Techniques, August–October 2024 - ReliaQuest
Details | Website | 2024-11-25 | 4 | CISA’s chemical SSGs focus on strengthening cyber defenses, protecting from cyber threats - National Cyber Security Consulting
Details | Website | 2024-11-19 | 5 | Latest Report Findings: Retail Trade Faces 111% Jump in Ransomware - ReliaQuest
Details | Website | 2024-11-12 | 5 | Report Shows Ransomware Has Grown 41% for Construction Industry - ReliaQuest
Details | Website | 2024-11-09 | 19 | TRACKING RANSOMWARE: OCTOBER 2024 - National Cyber Security Consulting
Details | Website | 2024-11-06 | 0 | Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems - National Cyber Security Consulting
Details | Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel
Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 - Red Piranha
Details | Website | 2024-10-24 | 79 | Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf
Details | Website | 2024-10-22 | 13 | Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
Details | Website | 2024-10-21 | 21 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware
Details | Website | 2024-10-18 | 27 | Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations - CISA