The important things to get out of this:
1. Make sure you access RDP login only after passing a VPN credential challenge.
2. Make sure to block those SPAM emails from your user community so they don't get sucked in to handing over credentials, or inadvertently running keylogger programs on their workstation.
3. Although they compromised one big player VPN server appliance there are thousands of others that aren't.
-Stu
The top three most popular intrusion methods include unsecured RDP endpoints, email phishing, and the exploitation of corporate VPN appliances.
RDP — number one on the list
At the top of this list, we have the Remote Desktop Protocol (RDP). Reports from Coveware, Emsisoft, and Recorded Future clearly put RDP as the most popular intrusion vector and the source of most ransomware incidents in 2020.
"Today, RDP is regarded as the single biggest attack vector for ransomware," cyber-security firm Emsisoft said last month, as part of a guide on securing RDP endpoints against ransomware gangs.
Statistics from Coveware, a company that provides ransomware incident response and ransom negotiation services, also sustain this assessment; with the company firmly ranking RDP as the most popular entry point for the ransomware incidents it investigated this year.