Preventative defense tactics in the real world

We watch real-life attacks in horror as companies try to fend off attackers stomping through their networks in real time, blunting the damage and scouring for backups in a bid to avoid the crippling cost of a ransom payment.

It’s a defense akin to investing in good demolition equipment in case your house catches fire so you can clear debris quickly and rebuild. However, as any fire safety expert would attest, it is a lot less expensive and time-consuming to prevent fires in the first place.

Likewise, in cybersecurity, prevention is not just preferable but essential. Here are a few attack tactics, based on trends we’re seeing day to day with our customers, and some preventative methods that can blunt the attack before it gets into your network.

Remote Desktop Protocol (RDP) defense

RDP attacks, if successful, allow attackers to gain administrator privileges and switch off your cyber-defenses. It’s like handing an attacker a master key to your house and then trying to keep them away from your priceless jewelry. Security companies get blamed for missing such tricky attacks, but it’s hard to overcome the digital equivalent of leaving the front door open. Adding defensive layers such as multi-factor authentication (MFA) can help thwart RDP attacks like brute force and Remote Code Exploits (RCE). Further, Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) can help stop attackers who do get past RDP, by blocking lateral movement and ransomware encryption attempts. The same applies to Remote Desktop Services (RDS), where attackers abuse capabilities far beyond what RDS is meant to provide.
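As an added example that is not part of the original post, the following Python script shows the kind of RDP brute-force detection an EDR or SIEM rule performs: it counts failed RemoteInteractive (RDP) logons per source address in a sliding time window and flags sources that reach a threshold, noting how many distinct accounts were tried. The log records are constructed for this example and modelled on Windows Security event 4625; the threshold, window and addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security event 4625 (failed logon).
# Logon type 10 is RemoteInteractive, i.e. an RDP session; type 3 is a network logon.
def _ev(time, event_id, logon_type, user, src_ip):
    return {"time": time, "event_id": event_id, "logon_type": logon_type,
            "user": user, "src_ip": src_ip}

SAMPLE_EVENTS = [
    _ev("2024-03-01T02:00:01", 4625, 10, "admin", "203.0.113.7"),
    _ev("2024-03-01T02:00:09", 4625, 10, "administrator", "203.0.113.7"),
    _ev("2024-03-01T02:00:17", 4625, 10, "backup", "203.0.113.7"),
    _ev("2024-03-01T02:00:25", 4625, 10, "admin", "203.0.113.7"),
    _ev("2024-03-01T02:00:33", 4625, 10, "svc_sql", "203.0.113.7"),
    _ev("2024-03-01T02:00:41", 4625, 10, "admin", "203.0.113.7"),
    _ev("2024-03-01T02:01:10", 4625, 10, "jdoe", "198.51.100.5"),  # a user mistyping
    _ev("2024-03-01T02:01:30", 4625, 10, "jdoe", "198.51.100.5"),
] + [_ev(f"2024-03-01T02:02:{s:02d}", 4625, 3, "guest", "192.0.2.9")
     for s in range(0, 60, 10)]  # six failures, but not over RDP (assumed noise)

FAIL_THRESHOLD = 5             # failed RDP logons from one source (assumed value) ...
WINDOW = timedelta(minutes=5)  # ... within this sliding window (assumed value)

def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return {src_ip: summary} for sources whose failed RDP logons within any
    sliding window reach the threshold. distinct_users > 1 hints at spraying."""
    recent = defaultdict(deque)  # src_ip -> deque of (timestamp, user)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue  # only failed RemoteInteractive logons count
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["src_ip"]]
        q.append((ts, ev["user"]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:  # overwrite so the summary reflects the latest state
            alerts[ev["src_ip"]] = {
                "failures": len(q),
                "distinct_users": len({u for _, u in q}),
                "first": q[0][0].isoformat(),
                "last": ts.isoformat(),
            }
    return alerts

if __name__ == "__main__":
    for ip, summary in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT: possible RDP brute force from {ip}: {summary}")
```

In production the same logic would read from the Security event log or a SIEM rather than a constructed list, and a successful 4624 logon from a flagged source right after the burst is the follow-up signal worth correlating.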

Enterprise visibility

Attackers only need to succeed once, whereas defenders must succeed every single time. Attackers who gain persistence on one network node can start mapping the environment and planning their next moves. Network access attempts viewed only from the endpoint can miss the bigger picture of a coordinated attack. Core network firewalls are key here, especially those with IDS/IPS built in and the ability to load YARA rules to defend against emerging attacks. Security companies, including ESET, often release YARA rules and various free tools to help defend against network-based attacks, whether they originate inside or outside the organization.

Multi-Factor Authentication (MFA)

As most services transition to the cloud, a single exploit against a cloud provider can allow attackers to wreak havoc on multiple targets, including your organization. User passwords, once compromised, are continually dumped into freely available lists that feed automated brute-force attempts. MFA can stop, or at least blunt, brute-force attacks, especially Business Email Compromise (BEC), which is a perpetual concern. Adding MFA to users’ logins can significantly limit your exposure.

While nation-state-level attacks make the headlines, it’s the simpler attacks that are far more likely. Don’t start by looking for finely crafted zero-days wielded by dedicated teams of cyber-adversaries targeting your organization. Those threats are generally less acute, unless you’re harboring multi-billion-dollar potential payouts from stolen corporate or military secrets. You’re probably not.

These defensive tactics work, are readily available and are practical to implement, and with them in place you will be far less likely to do the equivalent of sitting back and watching the building burn while you capture a great video to share.

If you prefer prevention over recording the aftermath, you may want to check out our threat reports for more tactics and our @ESETresearch X account for the latest updates on threat activity.
