This Is our Village

Sunday, September 30, 2018

Thursday, September 27, 2018

REMOTE DESKTOP ACCESS CAN GET YOU IN TROUBLE

Sep 27, 2018

Alert Number: I-092718-PSA

Questions regarding this PSA should be directed to your local FBI Field Office.
Local Field Office Locations: www.fbi.gov/contact-us/field
-
Cyber Actors Increasingly Exploit The Remote Desktop Protocol to Conduct Malicious Activity
-

BACKGROUND

-
The use of remote administration tools, such as Remote Desktop Protocol (RDP), as an attack vector has been on the rise since mid-to-late 2016 with the rise of dark markets selling RDP access. Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) recommend businesses and private citizens review and understand what remote accesses their networks allow and take steps to reduce the likelihood of compromise, which may include disabling RDP if it is not needed.
-

DEFINITION

-
Remote Desktop Protocol (RDP) is a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface. In order for a remote desktop connection to be established, the local and remote machines need to authenticate via a username and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.

VULNERABILITIES

  • Weak passwords – passwords that use dictionary words or do not include a mixture of uppercase/lowercase letters, numbers, and special characters – are vulnerable to brute-force attacks and dictionary attacks.
  • Outdated versions of RDP may use flawed CredSSP, the encryption mechanism, thus enabling a potential man-in-the-middle attack.
  • Allowing unrestricted access to the default RDP port (TCP 3389).
  • Allowing unlimited login attempts to a user account.

EXAMPLES OF THREATS

-
CrySiS Ransomware: CrySiS ransomware primarily targets US businesses through open RDP ports, using both brute-force and dictionary attacks to gain unauthorized remote access. CrySiS then drops its ransomware onto the device and executes it. The threat actors demand payment in Bitcoin in exchange for a decryption key.
CryptON Ransomware: CryptON ransomware utilizes brute-force attacks to gain access to RDP sessions, then allows a threat actor to manually execute malicious programs on the compromised machine. Cyber actors typically request Bitcoin in exchange for decryption directions.
Samsam Ransomware: Samsam ransomware uses a wide range of exploits, including ones attacking RDP-enabled machines, to perform brute-force attacks. In July 2018, Samsam threat actors used a brute-force attack on RDP login credentials to infiltrate a healthcare company. The ransomware was able to encrypt thousands of machines before detection.
Dark Web Exchange: Threat actors buy and sell stolen RDP login credentials on the Dark Web. The value of credentials is determined by the location of the compromised machine, software utilized in the session, and any additional attributes that increase the usability of the stolen resources.

SUGGESTIONS FOR PROTECTION

-
The use of RDP creates risk. Because RDP has the ability to remotely control a system entirely, usage should be closely regulated, monitored, and controlled. The FBI and DHS recommend implementing the following best practices to protect against RDP-based attacks:
  • Audit your network for systems using RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.
  • Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so. Place any system with an open RDP port behind a firewall and require users to use a Virtual Private Network (VPN) to access it through the firewall.
  • Enable strong passwords and account lockout policies to defend against brute-force attacks.
  • Apply two-factor authentication, where possible.
  • Apply system and software updates regularly.
  • Maintain a good back-up strategy.
  • Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
  • When creating cloud-based virtual machines, adhere to the cloud provider's best practices for remote access.
  • Ensure third parties that require RDP access are required to follow internal policies on remote access.
  • Minimize network exposure for all control system devices. Where possible, critical devices should not have RDP enabled.
  • Regulate and limit external to internal RDP connections. When external access to internal resources is required, use secure methods, such as VPNs, recognizing VPNs are only as secure as the connected devices.

Dave Israel
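One way to carry out the PSA's log-review recommendation (capture RDP logins and review them for intrusion attempts), shown as an added example that is not part of the PSA or the original post. Event IDs 4625 and 4624 are the Windows Security log's failed and successful logon events; the CSV export layout, the sample rows, the function name and the thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (not real logs): a hypothetical CSV export of
# Windows Security events with columns time,event_id,logon_type,user,src_ip.
SAMPLE_EVENTS = """\
2018-09-27T02:10:01,4625,10,administrator,203.0.113.50
2018-09-27T02:10:04,4625,10,admin,203.0.113.50
2018-09-27T02:10:09,4625,3,backup,203.0.113.50
2018-09-27T02:10:15,4625,10,administrator,203.0.113.50
2018-09-27T02:10:21,4625,10,administrator,203.0.113.50
2018-09-27T02:11:02,4624,10,administrator,203.0.113.50
2018-09-27T08:30:00,4625,10,jsmith,198.51.100.7
2018-09-27T08:30:40,4624,10,jsmith,198.51.100.7
2018-09-27T09:00:00,4624,2,jsmith,-
"""

FAILED, SUCCESS = "4625", "4624"
# 10 = RemoteInteractive (RDP). With Network Level Authentication, failed RDP
# logons are recorded as type 3 (Network), which also covers non-RDP logons.
RDP_LOGON_TYPES = {"10", "3"}


def review_rdp_logins(text, threshold=5, window=timedelta(minutes=5)):
    """Return (flagged_ips, success_after_failures) from exported events."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent failures
    flagged, success_after_failures = set(), []
    rows = csv.reader(io.StringIO(text))
    for ts, event_id, logon_type, user, src in sorted(rows):
        if logon_type not in RDP_LOGON_TYPES:
            continue              # console and other non-remote logons
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            q = recent[src]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                flagged.add(src)
        elif event_id == SUCCESS and src in flagged:
            # A successful logon right after a burst of failures needs review.
            success_after_failures.append((src, user, ts))
    return sorted(flagged), success_after_failures
```

A source that appears in the second list is the case to investigate first: the guessing stopped because a password worked, which is what an account lockout policy is meant to prevent.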

Thursday, September 20, 2018

Monday, September 17, 2018

Saturday, September 15, 2018

RUMOR OF SALE OF DEFUNCT GOLF COURSE PROPERTY

-
On Friday, September 14, 2018, I had a telephone conversation with Henry Handler Esq., of Weiss, Handler & Cornwell, PA. Attorney Handler advised that Mr. Waldman, principal owner of Fairways LLC/Reflection Bay, is negotiating the sale of the defunct golf course to Lennar home builders, one of the largest companies in the home-builder space.
-
Subsequent discussion with Peyton McArthur, Port Commissioner and senior assistant to County Commissioner Paulette Burdick, has revealed that no record of sale has yet been recorded in County records.
-
So, while I have no reason to doubt Attorney Handler, the actual sale of the property must be considered a rumor at this point, as it has not been recorded with Clerk of Court, PBC.
-
A full investigation and report will be forthcoming in the UCO Reporter. Additional news will be reported as it is received.
-
Dave Israel
-

Friday, September 14, 2018

Where is the respect and equity?

The list of countless TV stations has been published by Atlantic Broadband for Century Village. While there are European and South American stations, there are no Canadian stations. Representations could have been made. AB is an American Company and a subsidiary of Cogeco Communications, an American Company and a subsidiary of Cogeco Cable, a Canadian Company.

Canadians in Century Village spend close to 2 million dollars a year in condo fees. While we may not be physically present twelve months a year, our money is. We are now asked to pay more for a discriminatory service. We are good and tolerant neighbours but there is an obvious lack of respect and fairness in this deal.

Andre Legault

Wednesday, September 12, 2018

Primary Care Physicians of Florida


I see Primary Care Physicians of Florida is open in our medical building above Walgreens.  You can walk in or check on https://www.pcphollywood.com/locations/west-palm-beach-fl_2/  and PCPFLA.COM
This is not a recommendation but it is good to know we have doctors so close.  I shall go in to do some research for myself.

Monday, September 10, 2018

9/11 - PATRIOT DAY - NEVER FORGET

Dave Israel
-


UCO Reporter on website

When reading the Reporter on the website, how do you switch to full screen? Hard to read otherwise. Thanks

Saturday, September 8, 2018