Following a recent surge of attacks involving Avaddon ransomware, the United States and Australian cyber-security agencies have released alerts regarding the ransomware group’s tactics, techniques, and procedures, the Record reports. As described in a brief released by the FBI, the group has been observed compromising poorly secured Remote Desktop (RDP) and corporate Virtual Private Network (VPN) portals. Similar to other ransomware families, Avaddon also has a leak site where they release stolen data from companies that refuse to pay. While Avaddon has also bragged about their ability to execute DDoS attacks, the FBI has not identified any Avaddon incident involving DDoS.
As the most common means of compromise involves poorly secured VPN/RDP portals, Binary Defense recommends enabling 2FA (two-factor authentication) when available in order to ensure that users can have much firmer control over their own access. Additionally, Binary Defense recommends deploying a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force, to watch for unusual behaviors from authorized user accounts that are abused by attackers through stolen credentials.
For more information, please read: