Splunk spots malware targeting Windows Server on AWS to mine Monero

Data analysis firm Splunk says it's found a resurgence of the Crypto botnet – malware that attacks virtual servers running Windows Server inside Amazon Web Services. Splunk's Threat Research Team (STRT) posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, …

  1. Lil Endian Silver badge
    Pint

    Truely Unbiased Reporting!

    Kudos to Vulture Simon for suggesting solutions satisfying both sides:

    ...advice for those not wanting to avoid the attack is presumably to switch on RDP, use 'Admin/Passw0rd1234' as the login credentials and let 'er rip.

    Now that's proper sardonicism! Have one on me ;)

    1. Lil Endian Silver badge
      Facepalm

      Re: Truely Unbiased Reporting!

      I truely cannot spell...

    2. Anonymous Coward
      Anonymous Coward

      Re: Truely Unbiased Reporting!

      Pretty sure such unprotected systems may also be readily turned over to any number of nefarious activities beyond crypto mining. At least this type of attack might directly punish the feckless AWS tenant in the pocket.

  2. Howard Sway Silver badge

    Splunk's advice for those hoping to avoid the attack is simple

    Mine's even more simple. Don't use a vulnerable piece of bloated crap like Windows server. Oh, and don't use a cloud service provider, who can't notice and quickly stop something as basic as an attempt at a brute force password attack.

    1. TimMaher Silver badge
      Thumb Up

      Re: Splunk's advice for those hoping to avoid the attack is simple

      Actually, the cloud service provider will notice the attack, upscale the server & network availability and charge the client for the increase in resources. All automatically.

    2. mikepren

      Re: Splunk's advice for those hoping to avoid the attack is simple

      GuardDuty from AWS has a specific finding on brute force RDP ports. Of course it has to be turned on, and someone has to read the alert. I'm ignoring the ability to automate a response on the basis that anyone who would leave an exposed RDP port is unlikely to have automated remediation.
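      The "someone has to read the alert" step above is what an automated consumer of the finding replaces. As an added example (not from the article or any commenter), this handler triages a GuardDuty `UnauthorizedAccess:EC2/RDPBruteForce` finding delivered as an EventBridge event; the event below is constructed for the example, with a made-up instance ID and IP address, and the follow-up action names are this example's own labels.

```python
import json

# Real GuardDuty finding type for RDP brute-force activity.
RDP_BRUTE_FORCE = "UnauthorizedAccess:EC2/RDPBruteForce"

# Constructed sample EventBridge event carrying a GuardDuty finding; the
# instance ID and IP addresses are made up for this example.
SAMPLE_EVENT = json.loads("""{
  "detail-type": "GuardDuty Finding",
  "detail": {
    "type": "UnauthorizedAccess:EC2/RDPBruteForce",
    "severity": 5,
    "resource": {"instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    "service": {"action": {"networkConnectionAction": {
      "connectionDirection": "INBOUND",
      "localPortDetails": {"port": 3389},
      "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}
  }
}""")


def triage_rdp_finding(event):
    """Turn a GuardDuty RDP brute-force finding into a short triage record.

    Returns None for events that are not this finding type, so the caller can
    route other findings elsewhere. An OUTBOUND direction means the instance
    itself is doing the brute forcing, i.e. it is probably already compromised,
    which calls for isolation rather than just tightening the security group.
    """
    detail = event.get("detail", {})
    if detail.get("type") != RDP_BRUTE_FORCE:
        return None
    conn = detail["service"]["action"]["networkConnectionAction"]
    direction = conn.get("connectionDirection", "UNKNOWN")
    return {
        "instance_id": detail["resource"]["instanceDetails"]["instanceId"],
        "remote_ip": conn["remoteIpDetails"]["ipAddressV4"],
        "port": conn["localPortDetails"]["port"],
        "direction": direction,
        "severity": detail.get("severity"),
        # Hypothetical action labels for a downstream responder (this example's own).
        "action": "restrict_rdp_ingress" if direction == "INBOUND" else "isolate_instance",
    }


if __name__ == "__main__":
    print(json.dumps(triage_rdp_finding(SAMPLE_EVENT), indent=2))
```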

      1. Pedantic

        Re: Splunk's advice for those hoping to avoid the attack is simple

        I read the Reg to keep myself educated, updated, amused and sometimes! frankly horrified & incredulous at the state of the computer networks most of the world have come to rely on (me included re: banking shopping etc!) This particular report has prompted a rare reply simply because I could not initially credit that any "cloud" system would not immediately see and flag/stop any brute force password attack within "its own system"

        Then I got to "mikepren" reply that there is such a system in place called GuardDuty, so went off to read how that works and yes seems very good, however it's an extra!

        So I realise that in near everything I read on here, money (or lack of!) is the cause of so many of the gaffes, BUT the vendors have some responsibility! otherwise we would have car makers saying it has "Some braking" but if you really want it to "Stop" you will have to pay extra!

        So I am left shaking my head in dismay & agree (if it is at all possible) go with "Howard Sway" comment "Oh, and don't use a cloud service provider, who can't notice and quickly stop something as basic as an attempt at a brute force password attack." As in a provider who has a "Mandatory" Security checking system in place, not just one who obviously does not give a damn! other than of course to see another source of income!

  3. Blackjack Silver badge

    Since Monero keeps being used for stuff like this, how about banning it?
