Last week, the US Department of Homeland Security warned of attackers using remote desktop servers to attack data centers.
“Due to the level of access gained before deploying ransomware, the issue cannot be resolved by simply restoring data from backup,” the Cybersecurity and Infrastructure Security Agency said in its announcement.
To further obfuscate their activities, some attackers are writing their malware in Java, a language that antivirus software doesn’t typically scan for, according to researchers at BlackBerry and KPMG’s UK Cyber Response Services.
“They don’t see it as an executable file,” Claudiu Teodorescu, director of threat hunting and intelligence at BlackBerry, said.