by noinsight 2363 days ago
> chances are very high that some university administrator probably downloaded a shady program from a porn site.

Nah, in reality someone probably clicked a link in a malicious email that launched a backdoor on their computer. The likelihood of that approaches 100% on untrained users. And, as this is a university environment, that user likely had local admin.

You only need 1 successful click to breach the good ol' "secure internal network" after which all bets are off - few companies sufficiently secure their networks from "internal" attackers.

On a traditional Windows network, credential hygiene practices are woeful, and Domain Admin (admin access to every single domain-joined device on the network) level credentials are lying around everywhere; once those are compromised, every single domain-joined device on the network can be compromised.

I've seen this all happen in the span of 10 minutes - a remote user with VPN gets compromised, the attacker connects to the corporate network through them, gets Domain Admin and spreads malware through Active Directory to every single device on the network - X thousand workstations, Y hundred servers etc.

There's no actual vulnerability to remediate - you just have to "administrate properly" to prevent this. (https://aka.ms/spa)
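The comment above boils down to a detection rule a defender can actually run: Domain Admin (Tier 0) credentials should never be typed into ordinary workstations or member servers, because an interactive, RDP, service or batch logon leaves reusable credential material on that host for whoever compromises it next. The script below is an added example, not code from the commenter or from Microsoft's Securing Privileged Access guidance. It scans constructed JSON log lines shaped loosely after Windows Security event 4624, with a hypothetical inventory of privileged accounts and Tier 0 hosts; the account names, host names, the JSON field layout and the set of "credential-exposing" logon types are all assumptions made for the example.

```python
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample log lines (invented for this example, not real telemetry),
# shaped loosely after Windows Security event 4624 (successful logon) fields.
SAMPLE_LOG_LINES = [
    '{"EventID": 4624, "Computer": "WS-1234", "TargetUserName": "da-admin", "TargetDomainName": "CORP", "LogonType": 10}',
    '{"EventID": 4624, "Computer": "DC01", "TargetUserName": "da-admin", "TargetDomainName": "CORP", "LogonType": 2}',
    '{"EventID": 4624, "Computer": "WS-1234", "TargetUserName": "jdoe", "TargetDomainName": "CORP", "LogonType": 2}',
    '{"EventID": 4624, "Computer": "FILESRV01", "TargetUserName": "backup-svc", "TargetDomainName": "CORP", "LogonType": 5}',
    '{"EventID": 4624, "Computer": "FILESRV01", "TargetUserName": "da-admin", "TargetDomainName": "CORP", "LogonType": 3}',
    '{"EventID": 4672, "Computer": "WS-1234", "TargetUserName": "da-admin", "TargetDomainName": "CORP"}',
]

# Hypothetical inventory: Tier 0 accounts and the only hosts they should log on to.
PRIVILEGED_ACCOUNTS = {"CORP\\da-admin", "CORP\\backup-svc"}
TIER0_HOSTS = {"DC01", "DC02", "PAW01"}

# Logon types assumed to leave reusable credential material (password hash or
# Kerberos ticket) in LSASS on the target host: interactive (2), batch (4),
# service (5), RemoteInteractive/RDP (10) and cached interactive (11).
# A plain network logon (3) is deliberately excluded.
CREDENTIAL_EXPOSING_LOGON_TYPES = {2, 4, 5, 10, 11}


@dataclass(frozen=True)
class Finding:
    host: str
    account: str
    logon_type: int


def parse_event(line: str) -> Optional[dict]:
    """Parse one JSON log line; return None for malformed lines or non-4624 events."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if event.get("EventID") != 4624:
        return None
    return event


def find_tier_violations(lines: Iterable[str],
                         privileged: Set[str] = PRIVILEGED_ACCOUNTS,
                         tier0: Set[str] = TIER0_HOSTS) -> List[Finding]:
    """Flag credential-exposing logons of Tier 0 accounts onto non-Tier-0 hosts."""
    findings: List[Finding] = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        account = f'{event["TargetDomainName"]}\\{event["TargetUserName"]}'
        host = event["Computer"]
        logon_type = int(event["LogonType"])
        if (account in privileged
                and host not in tier0
                and logon_type in CREDENTIAL_EXPOSING_LOGON_TYPES):
            findings.append(Finding(host, account, logon_type))
    return findings


def exposure_footprint(findings: Iterable[Finding]) -> Dict[str, Set[str]]:
    """Map each privileged account to the non-Tier-0 hosts it exposed credentials on."""
    footprint: Dict[str, Set[str]] = {}
    for f in findings:
        footprint.setdefault(f.account, set()).add(f.host)
    return footprint


if __name__ == "__main__":
    violations = find_tier_violations(SAMPLE_LOG_LINES)
    for f in violations:
        print(f"VIOLATION host={f.host} account={f.account} logon_type={f.logon_type}")
    print(exposure_footprint(violations))
```

On the constructed input this reports two violations: the Domain Admin RDP session to WS-1234 and the service logon of backup-svc on FILESRV01. The Domain Admin network logon to FILESRV01 is not flagged, because a type 3 logon does not leave a reusable credential on the target. The footprint map is the more useful output in practice: every non-Tier-0 host listed under a Tier 0 account is a place where one phished user with local admin could have harvested that credential.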


>Nah, in reality someone probably clicked a link in a malicious email that launched a backdoor on their computer. The likelihood of that approaches 100% on untrained users.

In 2019 this is actually very unlikely. Driveby exploits have been pretty rare for years now.

It's still one of the top methods.

See for example Symantec's report [1] with lots of data.

[1] https://www.symantec.com/content/dam/symantec/docs/reports/i...

I'm sorry, I can't seem to find any references to driveby exploits in that report. I see many mentions of malicious office documents with downloader macros and similar attacks that certainly happen regularly today.

I do not see any mentions of attacks fitting the driveby pattern you described earlier. I am aware such targeted attacks do exist, but they're extremely rare these days compared to a few years back.

Almost all attacks today rely on social engineering to trick the victim into handing out their credentials or opening a malicious file, not a link.

I literally just got a call about someone being hit. The avenues used to penetrate are email spam and RDP.

When was the last time you saw email spam linking to a browser driveby exploit?

Exploit Office docs are less rare.

They're less rare because they've almost completely replaced the attacks I described as "very unlikely".

In 2019 it's extremely rare that anyone gets owned just by clicking a link, we've moved very far from that.