In this article, we discuss the various ways attackers abuse external remote services to gain unauthorized access to internal networks. We also cover some of the technologies that are commonly targeted by malicious actors, how to detect these attacks and, finally, how to mitigate them.
This article does not attempt to cover every targeted technology or every threat group out there. It merely lays a foundation for understanding what happens and how it happens.
Overview of the MITRE ATT&CK
The MITRE ATT&CK is a publicly accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for the development of specific threat models and methodologies in the private sector, government and the cybersecurity product and service community.
The aim of the MITRE ATT&CK is to solve problems for a safer world by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
What are external remote services?
External remote services involve the various mechanisms that allow users to connect to internal enterprise network resources from external locations. Remote service gateways allow for the authentication of users connecting into the internal network. These gateways also manage connections for these services. The following are some of the most common external remote services:
- Virtual Private Networks (VPNs): A VPN extends a private network across a public network. This means that a tunnel is created within the public network within which users can send and receive data as if their devices were directly connected within the private network.
- Remote Desktop Protocol (RDP): RDP is a Microsoft-designed protocol that provides remote display and input capabilities over network connections for Windows applications running on a
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QNSdyBBvLEo/