For the past several months, NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) has been tracking the Lazarus Bear Armada (LBA) DDoS Extortion Campaign and helping organizations defend themselves against it. In this webinar, NETSCOUT experts discussed:
- How the attacker continues to target and retarget different industries and critical infrastructure (e.g. VPN concentrators) on a worldwide basis.
- Updated information on the latest attack vectors being used in the campaign, including everyday protocols such as Microsoft RDP, DNS, NTP and more.
- A behind-the-scenes glimpse into how ASERT gathers Threat Intelligence.
- Current best practices in defense.
Microsoft Remote Desktop Protocol (RDP) Reflection/Amplification DDoS Attack Mitigation Recommendations
The Microsoft Remote Desktop Protocol (RDP) service included in Microsoft Windows operating systems is intended to provide authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers. The RDP service can be configured by Windows systems administrators to run on TCP/3389 and/or UDP/3389.
Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation Recommendations
Plex Media Server is a personal media library and streaming system that runs on modern Windows, macOS, and Linux operating systems, along with variants customized for special-purpose platforms such as network-attached storage (NAS) devices, external RAID storage units, and digital media players.