Exploit of Remote Access

The Network: Healthcare organization, dozens of servers, several hundred workstations

The Expectation: Lean in-house IT staff, supplemented by outsourced experts in the local region

The Catch: EventTracker v8 sensor detects that a well-known remote access program, typically used by the trusted outsourced experts, accepts a connection from China.

The Find: Remote server access is convenient, even necessary in this case, but as always, convenience is the enemy of security.

The Lesson: Carefully implement proper hardening of any remote access solution. Attackers will find every gap and do their best to exploit it.
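
The kind of check behind "The Catch" can be sketched as follows. This is an added example, not EventTracker's own logic or log format: it flags inbound sessions to the remote access program whose source is outside the networks the outsourced experts are expected to connect from. The event layout, the process name `remote-support.exe` and the address ranges are assumptions, and an allowlist of known source networks stands in for a geolocation lookup.

```python
import ipaddress

# Assumption: egress networks the outsourced support provider connects from.
# RFC 5737 documentation ranges stand in for real addresses.
EXPECTED_SOURCES = [ipaddress.ip_network(n)
                    for n in ("198.51.100.0/28", "192.0.2.64/29")]

# Assumption: process name of the approved remote access tool (hypothetical).
REMOTE_ACCESS_PROCESSES = {"remote-support.exe"}

# Constructed sample events: timestamp,host,process,direction,source
SAMPLE_EVENTS = """\
2024-01-10T08:02:11Z,SRV-EHR01,remote-support.exe,inbound,198.51.100.5
2024-01-10T08:40:27Z,WS-0142,browser.exe,outbound,203.0.113.80
2024-01-11T02:13:54Z,SRV-EHR01,remote-support.exe,inbound,203.0.113.77
2024-01-11T02:14:03Z,SRV-FILE02,Remote-Support.exe,inbound,not-an-ip
"""

FIELDS = ("ts", "host", "process", "direction", "src")


def parse(line):
    """Split one constructed CSV event into a dict keyed by FIELDS."""
    return dict(zip(FIELDS, (f.strip() for f in line.split(","))))


def is_expected(src):
    """True only if src parses as an IP inside an expected network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: fail closed and alert
    return any(addr in net for net in EXPECTED_SOURCES)


def find_unexpected_sessions(text):
    """Return inbound remote access events from unexpected sources."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["process"].lower() not in REMOTE_ACCESS_PROCESSES:
            continue  # not the remote access tool
        if ev["direction"] == "inbound" and not is_expected(ev["src"]):
            alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_sessions(SAMPLE_EVENTS):
        print(f'{a["ts"]} {a["host"]}: unexpected source {a["src"]}')
```

The same allowlist belongs in the firewall or the remote access tool's own access controls, so that the alert is a backstop rather than the only barrier.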