GoldBrute malware looks to take over 1.5 million servers worldwide.

While everyone is focussed on BlueKeep and panicking over updates (you should be updating anyway), there is another threat quietly combing the internet for servers protected with reused or bad passwords.

GoldBrute searches the internet for servers or workstations that have Microsoft’s Remote Desktop exposed to the internet and secured with poor password practices, and keeps trying until it finds a way into the system.

When GoldBrute finds its way into a system, it sets up shop and waits for further instructions; what those instructions are is unknown at this point. However, the damage that could be done ranges from a simple but effective ransomware campaign to an advanced staging point designed for additional surveillance or extensive network takeovers.

Everyone is advised to remove the Remote Desktop Service completely if it is not needed or find a way to secure the service if it is needed (one of the more popular ways is to put Remote Desktop behind a properly secured VPN service).

If you are not sure how to do this, you should definitely contact your Technology Professional to protect you from this emerging threat as soon as possible.

Details to help the technically-minded.
At your firewall/router, block all inbound traffic on TCP/UDP 3389.
If you still need RDP access, you should certainly consider using a VPN to help secure RDP from outside attacks.
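
One way to check a Windows machine against the advice above (an added example, not part of the original post): this read-only PowerShell audit reports whether Remote Desktop is enabled, which port it listens on, and whether the Windows host firewall allows inbound traffic to that port from any address. It assumes an elevated prompt on Windows 8 / Server 2012 or later, and it only sees the host firewall, so the block on your perimeter firewall/router still has to be confirmed there.

```powershell
# Added example: read-only audit of Remote Desktop exposure on the local machine.
# Run from an elevated PowerShell prompt; it changes no settings.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means the machine accepts Remote Desktop connections.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# The listener port is configurable, so read it instead of assuming 3389.
$rdpPort = (Get-ItemProperty -Path $tcpKey -Name PortNumber).PortNumber

# Is anything listening on that port right now?
$listening = [bool](Get-NetTCPConnection -LocalPort $rdpPort -State Listen -ErrorAction SilentlyContinue)

# Enabled inbound "allow" rules that name the RDP port over TCP or UDP.
# Rules whose LocalPort is "Any" or a range are not matched by this filter.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -in 'TCP', 'UDP' -and $_.LocalPort -contains "$rdpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

# For each matching rule, record which remote addresses it accepts.
$report = foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ', '
        OpenToAny     = $remote -contains 'Any'
    }
}

[pscustomobject]@{
    RdpEnabled = $rdpEnabled
    RdpPort    = $rdpPort
    Listening  = $listening
} | Format-List

$report | Format-Table -AutoSize

if ($rdpEnabled -and ($report | Where-Object OpenToAny)) {
    Write-Warning "RDP is enabled and the host firewall accepts port $rdpPort from any address."
}
```

If the warning appears on a machine that does not need Remote Desktop, turn the service off; if it does need it, restrict the rule's remote addresses to your VPN range.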
