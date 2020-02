Door souplost: RDP open zetten voor het hele internet is vragen om moeilijkheden.

Ik lees niet hoe de attacker is binnengekomen. Via Brute force, Social engineering, probleem in Windows RDP etc

• The attacker connected to an internet facing system with Remote Desktop Protocol (RDP) open to the internet• The attacker found data on one or more internal file shares, and exfiltrated a subset of those files• The attacker claims to have exfiltrated a total of 32 Gb of data from the City of Pensacola internal network• The attacker then distributed and executed ransomware on 27 systems