Cyber attackers are increasingly exploiting RDP, warns FBI
Posted by Thang Le Toan on 29 September 2018 02:30 AM
Businesses should act to reduce the likelihood of compromise from cyber attackers exploiting the remote desktop protocol, warns the FBI
The use of RDP (remote desktop protocol) creates risk because it has the ability to control a computer remotely and usage should be closely regulated, monitored and controlled, say the FBI and US Department of Homeland Security.
Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the internet to compromise identities, steal login credentials and ransom data, the two US agencies said in a joint public service announcement.
The use of remote administration tools, such as RDP, as an attack vector has been on the rise since mid- to late 2016 with the rise of dark markets selling tools for RDP access.
RDP is increasingly popular with cyber attackers because it allows an individual to control the resources and data of a computer over the internet.
Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system, and because attacks using RDP do not require user input, intrusions are hard to detect.
Vulnerabilities include weak passwords that allow attackers to initiate RDP connections, outdated versions of RDP with weak encryption mechanisms that enable man-in-the-middle attacks, allowing unrestricted access to the default RDP port (3389), and allowing unlimited login attempts to a user account.
Threats include ransomware such as CrySiS, which targets businesses through open RDP ports; CryptON, which uses brute-force attacks to gain access to RDP sessions; and Samsam, which uses a wide range of exploits, including ones attacking RDP-enabled machines, to perform brute-force attacks.
In July 2018, Samsam threat actors used a brute-force attack on RDP login credentials to infiltrate a healthcare company and encrypt thousands of machines before detection, the FBI/DHS alert said.
Threat actors are also known to buy and sell stolen RDP login credentials on the dark web, with the value of credentials being determined by the location of the compromised machine, software used in the session, and any additional attributes that increase the usability of the stolen resources.
Read more about RDP-enabled cyber attacks
In August 2018, researchers at security firm Cybereason reported that a honeypot designed to look like a power transmission substation of an electricity supplier was discovered within two days and prepared for sale as an asset on the dark web to another criminal entity using the tool xDedic RDP Patch.
The tool allows a victim and an attacker to use the same credentials to log in to a machine simultaneously using RDP, which would otherwise be impossible because of built-in security restrictions in the latest versions.
Daily RDP incidents skyrocketed in May, with attackers going for backups in most cases, according to a report on malicious activity in the second quarter of 2018 by security firm Rapid7.
The report said there is a consistent level of activity with RDP in the second quarter with peaks of activity, such as one in May that saw more than one million probes.
“Monitoring for brute-force activity, suspicious multi-country authentication and multi-organisation authentication helps to identify this type of activity, and implementing multi-factor authentication and monitoring for leaked credentials can help organisations actively protect themselves from these threats,” the report said.
Understanding exposures is another critical aspect of combating the threats, the Rapid7 report said, noting that externally exposed RDP – even for a short period of time – can have a devastating effect on an organisation, as was shown by several of the RDP-enabled ransomware attacks in the second quarter.
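The weaknesses listed above (an exposed default port, unlimited login attempts, weak or outdated authentication) and the brute-force monitoring the Rapid7 report recommends can both be checked from the host side. The following PowerShell audit is an added example, not part of the FBI/DHS announcement or the Rapid7 report: it reads the standard Windows registry keys for the RDP listener, looks for inbound firewall rules that open that port to any remote address, prints the lockout policy, and counts failed RemoteInteractive logons (Security event 4625, logon type 10) per source address. The look-back window and the failure threshold are assumptions; run it in an elevated session because the Security log needs administrator rights.

```powershell
# Added example (not from the FBI/DHS announcement): audit a Windows host for the
# RDP exposures described above and summarise failed RDP logons from the Security log.
# Run in an elevated PowerShell session; reading the Security log requires admin rights.

param(
    [int]$Hours     = 24,   # look-back window for failed logons (assumption)
    [int]$Threshold = 20    # failures from one source that count as brute force (assumption)
)

# --- 1. Is RDP enabled, is Network Level Authentication required, which port is used? ---
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

$rdpEnabled = (Get-ItemProperty $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nla        = (Get-ItemProperty $rdp -Name UserAuthentication).UserAuthentication -eq 1
$port       = (Get-ItemProperty $rdp -Name PortNumber).PortNumber

"RDP enabled   : $rdpEnabled"
"NLA required  : $nla"
"Listening port: $port (3389 is the default the alert warns about)"

# --- 2. Is the RDP port opened by a firewall rule that is not restricted to a remote range? ---
$openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' }
"Inbound rules allowing port $port from any address: $(@($openRules).Count)"

# --- 3. Account lockout: unlimited login attempts is one of the listed weaknesses ---
$lockout = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
"Lockout policy: $lockout"

# --- 4. Failed RDP logons (event 4625, LogonType 10 = RemoteInteractive) grouped by source ---
$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # The interesting fields live in EventData as <Data Name="...">value</Data> nodes
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['LogonType'] -eq '10') {
        [pscustomobject]@{ Time = $e.TimeCreated; Source = $d['IpAddress']; Account = $d['TargetUserName'] }
    }
}

$bySource = $failures | Group-Object Source | Sort-Object Count -Descending
foreach ($g in $bySource) {
    $flag = if ($g.Count -ge $Threshold) { 'POSSIBLE BRUTE FORCE' } else { '' }
    "{0,-40} {1,5} failed RDP logons  {2}" -f $g.Name, $g.Count, $flag
}
```

A host that shows RDP enabled, NLA off, an "any address" rule for the port and no lockout threshold has every exposure the alert names at once; the per-source failure table is the same signal the Rapid7 report calls brute-force monitoring, and a run of failures against many different account names from one address is the pattern to look for.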
To protect against RDP-based attacks, the FBI and DHS recommend that businesses:
RAMDrive: Increase Computer Speed by up to 50%
Posted by Tuan Hoang Anh on 07 June 2015 08:53 AM
Should You install a RAMDrive?
RAMDrives (also called RAMDisks) use, uh… RAM (Random Access Memory). That means that if you don’t have enough to begin with then a RAMDrive is not for you.
What is enough?
If you’re running Windows 7 (64-bit) then the sweet spot according to all the benchmark articles I have read is about 4GB. If you have more than 4GB of RAM installed on your system then you are a candidate for a RAMDrive.
If not, then you should probably get more RAM in order to qualify for this exercise. Adding a RAMDrive in this case will only lower the amount of memory within which Windows has to operate. That’s not a good thing. We want to speed things up, not slow them down.
What is a RAMDrive?
The concept is simple. A RAMDrive is a utility that sets aside a portion of available RAM and fools Windows into thinking it is an actual internal hard drive connected to your computer. It will be treated like any other drive; it will show up in Windows Explorer or any other file manager of your choosing.
You can copy, move and delete files and directories as usual. There are two very big differences, though:
What RAMDrive is the best? And what do I use?
The aforementioned volatility is the big issue here. You might ask, “What good is it if it all disappears when I turn off my computer?”
This is a valid question. The answer is to get yourself a RAMDrive that will allow you to save all that data between re-boots. I don’t know of many that will, but I do know of one and it is what I use. It is published by DRDataRAM. They are in the business of selling RAM but they also provide this wonderful product for free.
Note 1: Please disregard the branding. This is a version that was provided by AMD. I wanted to see if there were any differences between this and the DRDataRAM version and there were not. I simply never uninstalled this version and it happens to be the only image I have available on my computer.
Note 2: Setting these options will add to the Start and Shutdown times of Windows. This small sacrifice is definitely worth the speed increase while you are actually using your computer.
What You Should Put on a RAMDrive?
The best things to keep on a RAMDrive are things that are temporary in nature. Namely:
What You Should Not Put on a RAMDrive
The Page File – Absolutely do not consider putting your Page File on a RAMDrive. This is totally counter-intuitive and I can’t, for the life of me, understand why this idea is perpetuated, even among the tech élite. It makes no sense to me.
Granted, a Page File on a RAMDrive will be much faster. The point here is this:
If you need a Page File in the first place, then you don’t have enough RAM in the first place, and you certainly don’t have the luxury of using some of it for a RAMDrive. Now you want to put a Page File on the RAMDrive that you can’t afford? Arghhh!
I have spouted this point ad infinitum and still I see members of the tech community, some of whom I admire incidentally, who still don’t seem to ‘get it’.
I will allow one small backtrack on my adamant rebuke. <Drum roll, please…>
If you have tons of RAM, and don’t need a Page File, but there are some antiquated programs you’re using that won’t run without one, then maybe, just maybe, I’ll back off a tad.
One example of such a program is Acronis. This is what I use to back up my computer on a daily basis. I have 16GB of RAM installed on this system and Acronis still insists on using a Page File. Doh. Perhaps newer versions have fixed this ridiculous problem.
The Bottom Line
A RAMDrive can greatly improve the speed of your computer. Here are a few points to consider:
Note: If you are not running a 64-bit system, then the 4GB issue becomes moot. 32-bit systems cannot use more than 4GB of RAM. There are exceptions to this rule but that is beyond the scope of this article.
If you have the available RAM, I strongly advise you to try out a RAMDrive. It will speed up your computer in ways you might not imagine.
You can get your free RAMDrive at this DRDataRAM download page.
Disclaimer: I am not in any way affiliated with DRDataRAM. I use the utility because I happen to like it and simply want to pass this information on to you.
If you would like to know more about using this particular RAMDrive solution, or if you have questions or suggestions please leave a comment below.
Using a RAM disk to speed up your PC – Part 2
Posted by Tuan Hoang Anh on 07 June 2015 08:50 AM
This is part 2 of a two-part article. I would highly recommend you read How to setup and use a RAM drive – Part 1 before proceeding.
In this segment I’d like to show you how to implement some of the things we discussed in the previous section.
I have been talking a lot about what to put on your RAM Drive but I haven’t told you how to do that, so here goes…
Browser Cache Files
Cache Files are a prime candidate for a RAMDrive. They are temporary, fleeting, and don’t need to be saved. If they are deleted, they will simply be re-created by their respective browsers.
I’ll talk about the Big Three, IE, Firefox, and Chrome.
IE is probably the easiest browser to change.
There are a number of ways to open the Internet Properties Sheet. Probably the easiest is to open Control Panel and click Internet Options. That will open this window:
This will bring up a familiar file browser window for you to choose the new destination folder for your IE cache files. Obviously, for the purposes of this exercise, you’ll want to choose a folder on your new RAM Drive.
I believe Windows will expect you to log out then back into your account for the changes to complete. This should not involve a complete re-boot, however, so it is relatively painless.
Firefox is not quite as straightforward but the principle is the same.
You may get a warning to be careful if this is the first time you enter the configuration page; just say OK.
At this point we want to create a new string entry which does not exist by default.
If the entry called browser.cache.disk.parent_directory does not exist, you will have to create it. If it does exist, then all you have to do is change its value.
To create the entry:
Note: Do not capitalize nor add spaces; pay attention to spelling and punctuation. If you get this wrong, it won’t work. And there is no way to delete an entry from within this window once it has been entered.
To change the Value:
I recommend re-starting Firefox when you are finished.
Note: If you are using a Firefox variant such as Palemoon or Waterfox, these settings work in those browsers as well.
Google Chrome is an entirely different matter. There are basically two methods from which to choose:
I have written a post at WinCom7 that will explain the second method in detail and you can read it at Moving the Default Chrome Cache Directory.
The first method hasn’t been attempted for quite some time now and is not covered there.
In all the above examples you can test that everything is working by using your favorite file manager. Go to your new RAM Drive and check the various folders while your browser is running. You should see the cache files being placed there when you open your browser.
Temporary System and User Files
Temporary System and User Files are another set of files that have a need for speed.
If you happen to be the proud owner of a new Solid State Drive, then you will have the added benefit of reducing write operations to that drive. That is always a plus where SSDs are concerned. Also, a RAM Drive is infinitely faster than an SSD. Two birds with one stone…
Here’s how to do it:
You can see that I have already pointed my TEMP and TMP variables to my RAM Drive (R:\).
As with the browser cache files you can test that all is working as it should by opening the RAM Drive in a file manager to see that the new Temporary files are now being stored there.
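The browser-cache and temporary-file steps above are all done through dialogs, one setting at a time. The PowerShell script below is an added example, not from the original article or from DRDataRAM, that does the same work in one go: it creates the folder layout on the RAM drive, sets the user TEMP and TMP variables, points the Internet Explorer cache at the drive by writing the Cache value under User Shell Folders (the registry value the Internet Options dialog edits), and writes the browser.cache.disk.parent_directory entry from the Firefox section into user.js in each Firefox profile so it is applied at startup. The drive letter R: and the folder names are assumptions. It also handles the failure mode the article's Part 1 warns about: if the RAM drive is not mounted, it stops rather than point TEMP at a folder that does not exist.

```powershell
# Added example (not from the original article): relocate temporary files and browser
# disk caches to a RAM drive. Drive letter and folder names are assumptions; set $RamDrive
# to the letter DRDataRAM assigned on your system.

$RamDrive = 'R:'

# If the RAM drive did not come back at logon, TEMP/TMP would point at a missing folder,
# which breaks installers and many programs, so refuse to continue in that case.
if (-not (Test-Path "$RamDrive\")) {
    throw "RAM drive $RamDrive is not mounted; aborting so TEMP/TMP are not pointed at a missing path."
}

# Folder layout on the RAM drive. Create it once, then save the disk image in DRDataRAM
# so the (empty) folders are restored at every boot.
$folders = @('Temp', 'Cache\IE', 'Cache\Firefox')
foreach ($f in $folders) {
    New-Item -ItemType Directory -Path (Join-Path $RamDrive $f) -Force | Out-Null
}

# 1. TEMP and TMP for the current user (persisted in the registry; new processes pick it up)
foreach ($name in 'TEMP', 'TMP') {
    [Environment]::SetEnvironmentVariable($name, "$RamDrive\Temp", 'User')
}

# 2. Internet Explorer: the cache folder is the 'Cache' entry under User Shell Folders,
#    the same value the Internet Options "Move folder" dialog changes
$usf = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Set-ItemProperty -Path $usf -Name Cache -Value "$RamDrive\Cache\IE"

# 3. Firefox: the about:config entry from the article, written to user.js in each profile.
#    Backslashes must be doubled inside the user.js string literal.
$ffPath   = "$RamDrive\Cache\Firefox".Replace('\', '\\')
$pref     = "user_pref(`"browser.cache.disk.parent_directory`", `"$ffPath`");"
$profiles = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue
foreach ($p in $profiles) {
    $userJs   = Join-Path $p.FullName 'user.js'
    $existing = if (Test-Path $userJs) { @(Get-Content $userJs) } else { @() }
    # Replace an earlier setting of the same preference instead of appending a duplicate
    $kept = $existing | Where-Object { $_ -notmatch 'browser\.cache\.disk\.parent_directory' }
    Set-Content -Path $userJs -Value (@($kept) + $pref)
}

"Done. Log off and back on for TEMP/TMP and the IE cache, and restart Firefox, for the changes to apply."
```

After logging back on, the same check the article suggests applies: open the RAM drive in a file manager and confirm that new files appear under Temp and under each Cache folder while the browsers are running.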
This has been a rather windy discussion of RAMDrives and a few suggested uses. You are only limited by your imagination and by the amount of spare RAM installed in your computer.
For your entertainment, and mine, I once installed the entire Skyrim game on a RAM Drive. It was an experiment for both my amusement and to see if I could actually get it to work. Well, I got it to work but it came at a price: about 10GB worth of RAM! I decided that was a bit much considering I only have the 16GB of RAM available on my computer. Now, if I had 32GB… hmmmm…
If you have the RAM to spare, I highly recommend sticking a RAMDrive in there. Not only is it a lot of fun to experiment with, you can save wear and tear on hard drives, reduce write operations to SSDs, and the speed benefits are palpable.
What are you using a RAM Drive for? I’d sure like to hear about any new ideas that we might try out.
How to setup and use a RAM drive – Part 1
Posted by Tuan Hoang Anh on 07 June 2015 08:48 AM
A week ago I wrote an article about RAMDrives and my thoughts about them; I wrote about how I thought they should and should not be used. You can read all my rants and raves in the original RAM disk article.
In any case, today I would like to talk about the RAM disk software itself. Namely, DrDataRAM. This is a very lengthy article with lots of information so I’m breaking it down into two parts so it is easier to digest. This is part 1 of 2.
What I specifically like about this particular software is that you can save your work between re-boots. This is an option not often offered by many RAM disk solutions.
DrDataRAM – Using a RAM disk to speed up your PC – Part 1
DrDataRAM is a great piece of work. In my limited experience it is the best RAMDrive solution available, hands-down; this is especially true when you consider the great price – free. Granted, they are in the business of selling RAM. This does not mean they have sloughed their diligence with this RAMDrive product. To the contrary, they have done a great job of it.
Disclaimer: I must point out that I have no relationship with DRDATARAM nor will I receive any remuneration from their organization for promoting their software. I simply like the product and want to share my experiences with you.
Now that I’ve covered my Wisconsinian derriere (dairy air), I will proceed to show you how to use this fine utility.
If you’d like to follow along, you can get your free copy of DrDataRAM at their site.
The installation is normal. It is also SneakWare free, which is a welcome blessing. It works the same as any Windows installation and in order for it to take effect you will need to re-boot your computer. There is a nag screen that will open in the free version but that only shows up when you enter the settings window. No problem…
DRDataRAM does not change its settings until you re-boot the system (read: until you re-start DRDataRAM). This is an important point.
Here’s an example: Let’s say you want to save your RAM Drive when the computer shuts down. So, you change the DRDataRAM settings to reflect those wishes. Now you shut down your computer expecting those changes to be saved.
Wrong! It won’t happen until the RAM Driver is re-loaded. That means it’s too late. You need to save the RAM Drive image after you make the changes, but before you re-boot your computer. I’ll return to this a little later.
This may sound strange but it really does make sense. Here’s a plan:
In the following examples, I’ll show you what I do when I first install this utility and how I use it on a regular basis.
The first thing you should notice are the tabs at the top of the DrDataRAM window.
Note 1: Please ignore the AMD Radeon branding in this and any following images. This utility is identical to the DrDataRAM product we are discussing. The reason for this difference is that I thought I’d try the AMD version and never uninstalled it. It was an AMD promotion a while back. I discovered there was absolutely no difference between the two.
Note 2: You’ll notice in the above image that a maximum size available is 15780MB. The free version has an upper limit of 4GB. The paid version is limited only by the amount of RAM installed in your computer.
Note 3: I usually set it up as Unformatted. When I re-boot I have Windows format it with a FAT32 file system, then save the RAM Drive image to a hard drive. This may sound confusing now but I hope to clear this up for you in the following paragraphs.
Under the first tab labeled “Settings” you will decide the size of your new Ram Drive. If you plan on using the Ram Drive only for browser cache files (recommended) and System and User Temporary Files (also recommended) then a 2GB choice is more than adequate.
There are several choices to make under the Load/Save tab.
The first thing you should probably do is decide where you want to store a copy/image of the Ram Drive. Since Loading/Saving this rather large file will slow down your Windows boot and shut-down times, it’s probably a good idea to put this on a relatively fast drive. The extra time spent for the boot/shut-down times is a small price to pay for the much faster computing experience delivered while you are actually using your system.
I don’t mind waiting a few seconds longer for a computer to shut-down or start up. After all, I’m not using the computer when that is happening. I want speed while I’m actually working with it.
Here is what I do, and I’m about to save you a very big headache.
First I create all the folders that I know I’m going to be using. They include a Temp folder for, well, Temporary Files.
Then I create folders for the individual cache files for various browsers I use. I usually have three to four browsers running at any given time, so I set up four folders—one for each browser.
I also like Google Earth and Google Earth in turn likes to create lots of cache files. This is perfect for a RAM Drive.
Here’s how my RAM Drive directory structure looks:
Even though I have the Recycle Bin disabled for this drive, apparently Windows cannot resist the urge to put the directory in there anyway.
In my opinion a Recycle bin on a RAM Drive is a total waste of resources. I always disable it for that drive.
Now, here’s that headache thing I told you about. Once you get all your directories set, hit that Save Disk Image Now button!!
The reason is a timing issue. When you close the DrDataRAM window, it will ask if you want to save your settings. It will also tell you that the settings won’t be put in place until you restart DrDataRAM. Well, if you haven’t saved your RAM Drive by the time you restart the utility it’s too late. The DrDataRAM settings will be intact, but your hard work setting up the file structure on the RAM Drive will be lost and you’ll have to start over. Bummer…
So the caveat here is this: Always save a copy of the RAM Drive whenever you change any settings.
It took me a bit of time to get a handle on the way this worked and was the cause of many re-boots, restarts and repetitive settings changes.
If you want to retain this structure between re-boots put a check in the box labeled Load Disk Image at Startup!!
Once I have the RAM Drive set up to my liking there is no need for me to save the image at every shut down. I just have it loaded at boot time. In fact, if you’d like to have no traces of your browser caches left, you can simply set up all the empty folders you like, save it in that state, and it will effectively load empty caches at every boot. This might be a tantalizing idea to the more privacy-conscious folks out there.
Event Log and Options Tabs
DrDataRAM keeps a log of events, both informational and warnings. I have never seen a single bad event listed.
Under the Options tab, there are some additional choices for you to fine-tune some settings.
In part 2 I’ll delve into actually implementing the RAM drive on your computer – where you’ll see huge performance increases, but if you can’t wait and prefer to work ahead you can turn to DrDataRAM Support Page for useful information.