TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

Securing Endpoints from Common Vulnerabilities

2025-03-28

ATT&CK techniques detected

11 predictions
T1021.001 Remote Desktop Protocol
97%
"securing endpoints from common vulnerabilities attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. these devices — laptops, desktops, servers, iot, and more — are like unlocked doors waiting for threat actors to strol…"
T1219 Remote Access Tools
95%
"- existing rmms or install their own, they can potentially control every connected device across your organization, lurking under the auspices of legitimate software. rmm attacks are dangerous because there’s always a risk that attackers will fly under the radar of your detecti…"
T1219 Remote Access Tools
95%
"reduce the damage if (when) credentials are compromised. for more on how attackers use phishing to access your endpoints, check out tradecraft tuesday: "phishing in the fast lane." remote monitoring and management (rmm) tools: the double-edged sword rmm tools are double…"
T1219 Remote Access Tools
95%
"nightmares because threat actors drop into your environment undetected without using malware. your rmm tools should make endpoints more secure, not less. tighten up those settings and keep potential bad actors out. example of legitimate rmm tool compromise what you can do: - use…"
T1566.002 Spearphishing Link
70%
", and some things just never go out of style. every day, phishing emails land in inboxes and a staggering number of victims still fall for social engineering scams. this isn’t a new tactic by any stretch of the imagination, but threat actors continue to rely on it because it wo…"
T1566.002 Spearphishing Link
67%
"s take a look at email phishing. when an employee clicks on a malicious link in a phishing email, they might unknowingly hand over sensitive credentials to an attacker or install malware on their system. or, even worse, they may detonate a ransomware attack. phishing often uses p…"
T1021.001 Remote Desktop Protocol
62%
"obvious place to look if you want to get inside. here’s an example of what happens: attackers often use brute force attacks on rdp, cycling through password options until they unlock a login session. once the initial intrusion is established, they usually don’t waste time dr…"
T1563.002 RDP Hijacking
57%
"securing endpoints from common vulnerabilities attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. these devices — laptops, desktops, servers, iot, and more — are like unlocked doors waiting for threat actors to strol…"
T1598 Phishing for Information
46%
", and some things just never go out of style. every day, phishing emails land in inboxes and a staggering number of victims still fall for social engineering scams. this isn’t a new tactic by any stretch of the imagination, but threat actors continue to rely on it because it wo…"
T1566 Phishing
43%
", and some things just never go out of style. every day, phishing emails land in inboxes and a staggering number of victims still fall for social engineering scams. this isn’t a new tactic by any stretch of the imagination, but threat actors continue to rely on it because it wo…"
T1059.001 PowerShell
41%
"risk. the door is wide open for unwanted guests. it’s that simple. example of powershell script exploiting cve-2023-27532 in outdated veeam software. patch it up: - set up automatic updates wherever possible. no excuses. - keep a regular patch management schedule and stick…"

Summary

Learn how to lock down common endpoint vulnerabilities like weak passwords and unpatched software to secure your systems against threats like phishing and malware.