Heimdal
article featured image

Contents:

Following Heimdal’s discovery of the Russian hacking attack on Harbor IT, the Danish cybersecurity vendor urges everyone, companies, and home users alike, to keep on their toes. The group has yet to be apprehended by the authorities. There are no indications that Heimdal’s denunciation of the attacks will slow down or stop the criminal group. All parties affected by the recent brute-force spell have taken ample measures to prevent future occurrences and maintain the integrity of the data on the attacked devices.

Danish reseller attack revisited

Summarizing the incident – last week, Heimdal™ Security’s Incident Response and Management team has discovered that an anonymous group from Moscow has attempted to illicitly gain access to Harbor IT’s host server through the means of brute-forcing the RDP port. The subsequent digital forensics analysis revealed that one of the IP addresses employed by the Muscovite group was also used in three other brute-force attempts. Heimdal’s findings helped the Danish reseller reinforce security and contain the incident. The other parties were notified about the attack.

 A week later, the attackers have yet to resurface. No news about their identities or motivations. Harbor IT and the other victims haven’t registered any brute-force attempts ever since.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Our company would like to raise awareness of the dangers of brute-force attacks. Over the past couple of months, Heimdal™ has observed a resurgence in both brute-force and email phishing attacks. This spike can be explained by the lack of cybersecurity hygiene loosely associated with the work-from-home transition and, arguably, some questionable choices in IT management. These issues can be remediated through education. More than that, this cybersecurity education that we’re so fond of, must be adapted to the times we’re living in. To learn more about how to improve your cybersecurity posture, please don’t hesitate to contact a Heimdal™ Security representative.

This last section will address the concerns of our customers and partners. Heimdal’s threat mediation and remediation products (i.e. Heimdal™ Threat Prevention and Heimdal™ Next-Gen Antivirus & MDM) can easily deal with brute-force attacks. Covering the most common and uncommon attack vectors, our cybersecurity products will secure your machines from end to end, preventing future occurrences, while giving you the necessary tools to create actionable, case-specific reports. In Heimdal™ Next-Gen Antivirus & MDM​, the RPD port is closely monitored for brute-force attacks and other malware types that are trying to infiltrate the machine through this point. The active monitoring of your RDP port also deters ransomware and DNS hijacking.

Conclusion

The challenge of tackling present and future malware is predicting where the threat actors will strike next before they do. In all likelihood, it’s like a game of chess played on a virtual board with no pieces.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE