...

Remote Desktop Protocol (RDP) scanning from first worm in 7 years
The most recent evolution was an RDP scanning attack of unprecedented scale, with more than 100K unique hosts attacking the lab. With our strong visibility into traffic of all types, including RDP, we were the first people on the Internet to detect it (a month ahead of the rest of the Internet). We quickly shared this information with both the Lab and .edu communities. Our early detection and sharing allowed us to provide early warning about a pending attack of significant scale. We provided infection signatures to the DOE and Education community that allowed a number of sites to detect active infections in their networks (e.g. Universities of Idaho, Waterloo, Albany, Simon Fraser University, Columbia). We also submitted copies of the malware to antivirus vendors, who had not yet detected it, which allowed for mass detection of the malware.

Internally, our response to this attack demonstrates our ability to dynamically adapt. We quickly created new methods to detect and alert on attacking/infected hosts and developed new defenses to block scanning.

...