Europol has highlighted the primary methods cybercriminals use to infiltrate organizations. The European law enforcement agency rates ransomware attacks as the most significant threat.
Europol’s latest report reveals that cybercriminals are increasingly resorting to phishing emails containing infected attachments, exploiting vulnerabilities in VPN solutions, and employing brute-force attacks on RDP (Remote Desktop Protocol) accounts to gain unauthorized access to organizations.
“Cybercriminals conduct automated scans for open RDP ports on the internet. When not properly configured, this protocol presents numerous opportunities for intrusion. Examples of misconfigurations include the absence of (multi-factor) authentication, the use of weak passwords, or the failure to employ a firewall to filter access to the machine,” warns Europol.
Attackers then attempt to log in via RDP using brute-force attacks. Additionally, they frequently exploit vulnerabilities in VPN solutions and Microsoft Exchange Server. Another commonly used attack method is sending phishing emails that deliver malware through documents containing malicious macros or through archive files such as .zip and .rar.
Once inside the network, attackers utilize legitimate operating system tools to navigate further. The acquired access can be sold to other cybercriminals or used for data theft and ransomware deployment, Europol states.