Common Information
Type | Value |
---|---|
Value | External Remote Services - T1133 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management can also be used externally. Adversaries may use remote services to access and persist within a network. (Citation: Volexity Virtual Private Keylogging) Access to Valid Accounts to use the service is often a requirement, which could be obtained through credential pharming or by obtaining the credentials from users after compromising the enterprise network. Access to remote services may be used as part of Redundant Access during an operation. Detection: Follow best practices for detecting adversary use of Valid Accounts for authenticating to remote services. Collect authentication logs and analyze for unusual access patterns, windows of activity, and access outside of normal business hours. Platforms: Windows. Data Sources: Authentication logs. Permissions Required: User. Contributors: Daniel Oakley, Travis Smith, Tripwire. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-12 | 5 | Report Shows Ransomware Has Grown 41% for Construction Industry - ReliaQuest | ||
Details | Website | 2024-11-09 | 19 | TRACKING RANSOMWARE : OCTOBER 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-11-06 | 0 | Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel | ||
Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
Details | Website | 2024-10-24 | 79 | Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf | ||
Details | Website | 2024-10-22 | 13 | Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach | ||
Details | Website | 2024-10-21 | 21 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware | ||
Details | Website | 2024-10-18 | 27 | Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A | ||
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA | ||
Details | Website | 2024-10-10 | 5 | Understanding Cyber Threats in the Health Care and Social Assistance Landscape - ReliaQuest | ||
Details | Website | 2024-10-02 | 35 | Threat Brief: Understanding Akira Ransomware | Qualys Security Blog | ||
Details | Website | 2024-09-30 | 27 | Threat Intelligence Report 24th September – 30th September 2024 | ||
Details | Website | 2024-09-25 | 24 | Zero Trust Protections - Illustrated | ||
Details | Website | 2024-09-23 | 45 | Threat Intelligence Report 17th September – 23rd September 2024 | ||
Details | Website | 2024-09-19 | 7 | Threat Landscape Report: The PSTS Sector's Unique Vulnerabilities - ReliaQuest | ||
Details | Website | 2024-09-06 | 46 | The most interesting cyber incidents of 2023: insider threats and more | ||
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more | ||
Details | Website | 2024-09-02 | 43 | Iranian State-Sponsored Hackers Have Become Access Brokers For Ransomware Gangsca - Cyble | ||
Details | Website | 2024-08-30 | 1 | RansomHub Ransomware Targets Critical US Infrastructure, Affecting Over 200 Victims - CloudSEK News | ||
Details | Website | 2024-08-28 | 5 | BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave | ||
Details | Website | 2024-08-28 | 62 | Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA | ||
Details | Website | 2024-08-28 | 23 | AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations | ||
Details | Website | 2024-08-21 | 26 | Summary Of Ransomware Threat Actor Activity In 2023 (ENG) – Red Alert | ||
Details | Website | 2024-07-26 | 22 | RansomHub Ransomware – New Infection Chains Unveiled |