How a Remote Desktop Connection (RDP) Poses a Serious Risk of Ransomware Attack During the COVID19 Pandemic
Call it a bane or a blessing, but never in modern history have remote work and telecommuting become such a cornerstone of business. We are seeing millions of workers staying put and working from home. How stressful or easy it is to work from home is another matter altogether, and will not be our point of contention in this post.
Consider the following for a moment:
The number of RDP ports exposed on the internet was over 128,000, and this figure only counts open ports on IPs of US remote systems.
The Novel Coronavirus (COVID19) has brought entire economies and health systems to a standstill. New research from Microsoft presents startling revelations on how ransomware attackers are holding hospitals hostage by rendering their security systems useless and demanding payment.
We all know just how easy and convenient it is to sit within the comfort of your home, connect remotely to your organization, and start working.
Easy, right?
Little did you know, ransomware cyber criminals are targeting vulnerabilities in insecure configurations of Microsoft products such as Remote Desktop Protocol, SharePoint and Exchange servers. Many of these attacks rely on known, already-patched bugs that users never bothered to fix by installing the patch from Microsoft.
How are cyber criminals cashing in on the COVID19 pandemic?
Did you know that since March 2020, a ransomware gang known as NetWalker has managed to rack up $25 Million in ransom payments? And this gang is only one of many which have no intentions of retiring for the foreseeable future!
Thanks to exposed remote desktop connections, and a lack of basic security knowledge and proper implementation among businesses and employees, COVID19 has been a blessing for these cyber criminals, who target anyone they cross paths with.
Worst part?
These gangs haven’t even spared hospitals, and have frozen their entire systems just when it was required the most to save precious human lives.
Can you get a virus through a Remote Desktop Connection?
Here’s a dirty little secret:
The favorite exploit vector for a ransomware gang is the Remote Desktop Protocol (RDP).
RDP, commonly used as a remote connection for managing a server, has let employees connect to their offices while working remotely.
And this is exactly what most cyber criminals take advantage of. We have talked about exploits and ransomware in great depth in this blog post.
RDP, or remote desktop is a common business protocol deployed by companies ranging from small businesses to large enterprises intent on getting their work done remotely.
But if it isn’t secured using multi-layered encryption among other preventative measures, then it is a matter of when, not if, your entire network falls victim to a ransomware attack.
On 23 June 2020 the FBI warned K-12 schools about a rise in ransomware attacks via RDP, according to this ZDNet report.
It is no coincidence that schools and educational institutes have become a prime target during lockdowns. Why? Because they usually don’t have the budget to maintain network security, or the level of decisive capacity to implement such security efficiently.
What are some signs of a cyber breach?
If you notice any one or all of the following, it could be a sign of a ransomware attack. Immediately notify your IT manager to have it resolved:
- Sudden and strange pop-ups keep appearing
- You lose control of your mouse or keyboard
- Your computer becomes slow and sluggish
- You notice new programs that you never installed
Sivan Tehila, Founder of Cyber Ladies NYC, points out three weaknesses of employees working from home that can easily make them a victim of ransomware. They are:
Poor Network Security on Home Wi-Fi routers:
Employees working from home, whether pre-pandemic or during lockdowns, have little to no knowledge of keeping their Wi-Fi networks secure. They use simple passwords that cybercriminals can easily crack. Unlike IT managers ready to tackle any situation, remote workers are always at risk of being compromised. Make sure you maintain a strong password for your Wi-Fi network.
Phishing Attacks:
Forget those Nigerian Prince scam emails. Today is the age of phishing, which is the most common type of attack behind data breaches. You will receive an email from a seemingly legitimate source, say, YouTube or Google.
And without doing any research, you click a malicious link, and the hacker gains access to your system, deploying keyloggers and tracking your online activity. That’s how YouTube channels, emails, and cloud data get compromised.
Simple passwords:
We still scratch our heads after reading horror stories on how entire networks fell victim to a cyber attack because of simple and easy-to-remember passwords set by IT managers! Many people fail to realize that having a simple password on a single machine, or even worse, across all devices and accounts will make your life a living hell once hackers get a hold of it.
How to secure Remote Desktop Protocol (RDP)?
Here are the best practices to secure your remote desktop connection:
Require a specific security layer for remote (RDP) connections
We understand that your organization relies on RDP, but it should only be used with complete security measures in place. Do not use it purely out of convenience.
If possible, use a specific security layer such as a remote desktop VPN every time you connect to your remote computer. Change the default port numbers frequently to minimize the chances of getting compromised. Grant access only to employees who need it.
Use Two-factor authentication (2FA)
Use two-factor authentication to add an extra layer of security to your remote connection. 2FA is an effective method to thwart hacking attempts and prevent ransomware encryption.
Disaster Recovery
When it comes to cyber attacks, it isn’t a matter of if, but when. Prepare yourself by keeping a backup of your data in a safe location, isolated from the network. Read our blog post on what to do in a ransomware attack. It is a complete guide to keeping yourself safe and secure when disaster strikes!
Strong Passwords
Ladies and gentlemen, please use strong passwords. Stop using common titles such as John, Peter, or your dog’s name. Also stop using “123” as numerics. Here is what an ideally strong password looks like:
Aw@lK2ReMEMb3R!&()
Here is a password that hackers would WANT you to have:
awalktoremember
See the difference? No matter how smart cyber criminals get, it WILL take them a LOT LONGER to crack the first password. Just keep that in mind.
Block IPs with repeated login failures
An RDP brute-force attack takes place when a certain user tries to log in from the same IP address many times in a short span of time. Use reliable antivirus software that immediately alerts you so you can keep your remote server secure. You can enforce this with Windows Account Policies.
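As an added example (not code from the original post), here is the detection logic this section describes, run over a few constructed failed-logon records modelled on Windows Security log Event ID 4625 with LogonType 10 (RemoteInteractive, i.e. RDP). Field names, IP addresses and user names are assumptions for the sample; the threshold and window mirror an account-lockout policy but are keyed on the source IP.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified export format (not real log data).
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP session.
SAMPLE_LOG = """\
2020-06-23T08:00:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2020-06-23T08:00:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2020-06-23T08:00:04 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2020-06-23T08:00:06 EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2020-06-23T08:00:09 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.7
2020-06-23T08:05:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
2020-06-23T08:10:00 EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
2020-06-23T08:20:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def find_bruteforce_sources(log_text, threshold=5, window_seconds=60):
    """Return {ip: time the threshold was first hit} for every source IP with
    at least `threshold` failed RDP logons inside a sliding window of
    `window_seconds`. Keying on the IP (not the account) also catches
    password spraying, where each attempt targets a different user."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "4625" or m["ltype"] != "10":
            continue  # skip malformed lines, successes and non-RDP logons
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # evict failures that fell out of the window
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"block candidate: {ip} (threshold reached at {when.isoformat()})")
```

The second IP fails twice fifteen minutes apart with a success in between, so the default policy leaves it alone; only the rapid-fire source is reported.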
Conclusion
As the world dives deeper into remote working, employees and employers will remain vulnerable to getting hacked. In a post-COVID19 situation, these attacks aren’t stopping anytime soon.
You need to take a proactive approach to keeping yourself at home, and your organization, safe and sound from RDP brute-force attacks.