The COVID-19 novel coronavirus has fundamentally changed the way that many people work. Shelter-in-place orders mean that more people than ever are now working from home, and the security of company data outside the office network has become paramount.
While some may be starting to return to the office, there is a high likelihood that this trend toward working from home will be significantly longer lasting. Twitter, for instance, has announced that its employees will be able to continue working from home “forever” should they so wish.
Supporting teleworking means that companies must make certain changes to their corporate network infrastructure. Access to tools that may previously have been available exclusively in the office must now be made available remotely as well.
This means that enterprise VPN servers — allowing companies to offer online, multi-device access to resources such as internal customer and sales systems, SaaS (software-as-a-service) applications, and local file storage — are now central to a company’s support offerings. The same is true of remote connectivity options such as RDP (Remote Desktop Protocol) connections.
RDP is a proprietary protocol developed by Microsoft that allows a user to control another computer over a network connection. Alternatives include Chrome Remote Desktop, TeamViewer, AnyDesk, and others. All allow a user in one place to operate a computer that sits somewhere else entirely.
New Opportunities, New Threats
But while innovations such as remote connectivity have opened up new opportunities for workers, they have done much the same for cybercriminals. To put it simply: remote workers require remote connectivity, and every login that is reachable remotely is also a target for account takeover.
Over the past several years, with the rise of remote working, RDP has become a popular initial access vector in cyber attacks. This is particularly the case for ransomware attacks, in which important documents are encrypted and held hostage, with access restored only after the rightful owner pays a cryptocurrency ransom.
With increasing regularity, cybercriminals remotely gain access to systems. This can be done in several ways, including phishing emails, purchasing leaked credentials online, or brute-forcing exposed remote-access services that are not properly secured, usually because they accept easy-to-guess passwords and require no additional layer of authentication.
Once inside, the attacker escalates their privileges to administrator level, which lets them make profound system-wide changes. They use that access to disable security controls such as antivirus software and two-factor authentication (2FA) enforcement. Finally, they select an opportune (or, for the target, incredibly inopportune) moment to deploy the ransomware.
Targets are left with encrypted systems, possibly leaked information, and no access to the tools employees need to do their jobs. Under pressure to restore access, many companies may be willing to pay the requested ransom — and then hope that the attackers live up to their promise.
No one is safe from being targeted by a ransomware attack, whether they are SMEs (small and medium-sized enterprises), large corporations, or even utility companies and public-sector bodies.
For example, in June 2020 the United States’ Federal Bureau of Investigation (FBI) issued a security warning to K-12 schools alerting them to an increase in ransomware attacks during COVID-19, especially via RDP connections.
The warning noted that, “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.”
Protect Your Neck
It is imperative that organizations put the proper security defenses in place to protect against these potentially devastating attacks. Some measures are ones that companies can easily put in place for themselves. For instance, it is crucial that strong, unique passwords are used for any and all accounts that can be logged into using RDP or similar remote connectivity tools; a strong password still offers no protection if it has been reused elsewhere and leaked.
Similarly, there is no excuse for not using an extra layer of authentication, i.e. multi-factor authentication (MFA). Note that RDP itself has no built-in second factor: in practice MFA is enforced by whatever sits in front of the host, such as a Remote Desktop Gateway, a VPN, or an authentication agent installed on the server. Make sure that there is an automated lockout policy that kicks in after a fixed number of unsuccessful login attempts. Set the threshold high enough that an attacker cannot lock legitimate users out at will, but low enough that online password guessing becomes impractical. While this will not protect against all the ways an attacker might gain access to a system, it will blunt brute-force attacks that repeatedly guess passwords.
Companies may also wish to change the RDP port from the default TCP 3389. Because this is the default, it is frequently targeted by attackers who send waves of TCP 3389 connection attempts to large ranges of IP addresses. The port is stored in the Windows Registry under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp as the PortNumber value, and can be changed with Registry Editor; the firewall rule that allows RDP must be updated to match, and the Remote Desktop service restarted. Be clear about what this buys: it removes a "low hanging fruit" exposure and cuts the noise from scanners that only probe the default port, but scanners that fingerprint the protocol will still find the listener, so it is a complement to authentication and firewall controls, not a substitute for them.
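The measures above applied together on a single Windows host, as an added example that is not part of the original article. It uses only built-in Windows tooling and must be run in an elevated PowerShell session on the RDP host itself. The port 43389 and the management range 10.20.0.0/24 are illustrative assumptions, not recommendations.

```powershell
# Added example (not from the original article): hardening an RDP host with
# built-in Windows tooling. Assumed values: port 43389 and the management
# network 10.20.0.0/24 are placeholders chosen for illustration.

$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$newPort = 43389
$mgmtNet = '10.20.0.0/24'

# 1. Require Network Level Authentication and TLS. With NLA the client must
#    authenticate before a desktop session is created, removing the
#    pre-authentication attack surface of the session itself.
Set-ItemProperty -Path $rdpKey -Name 'UserAuthentication' -Value 1 -Type DWord
Set-ItemProperty -Path $rdpKey -Name 'SecurityLayer'      -Value 2 -Type DWord

# 2. Move the listener off TCP 3389. This cuts noise from scanners that only
#    probe the default port; fingerprinting scanners still find it, so it is
#    not a control on its own.
Set-ItemProperty -Path $rdpKey -Name 'PortNumber' -Value $newPort -Type DWord

# 3. Firewall: disable the built-in any-source RDP rules and allow the new
#    port only from the management network.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName "RDP $newPort from management network" `
    -Direction Inbound -Protocol TCP -LocalPort $newPort `
    -RemoteAddress $mgmtNet -Action Allow -Profile Domain,Private

# 4. Lockout policy for local accounts: 10 failures within 15 minutes locks
#    the account for 15 minutes. Too low a threshold lets an attacker lock
#    out real users at will; 10 still defeats online guessing. Domain accounts
#    take the equivalent setting from Group Policy instead.
net accounts /lockoutthreshold:10 /lockoutduration:15 /lockoutwindow:15

# 5. Apply and verify. Restarting TermService drops active RDP sessions, so
#    run this from the console or an out-of-band session, and confirm the new
#    rule works before relying on it.
Restart-Service -Name TermService -Force
Get-ItemProperty -Path $rdpKey | Select-Object PortNumber, UserAuthentication, SecurityLayer
Get-NetTCPConnection -State Listen -LocalPort $newPort | Select-Object LocalAddress, LocalPort
```

The order matters: the new firewall rule is created before the old one is relied upon being gone, and the service restart is the last step so that the verification at the end reflects the running configuration. On a domain-joined host, steps 1, 2 and 4 are normally pushed through Group Policy rather than set per machine.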
The Importance Of Firewalls
Another strong recommendation is that companies deploy firewalls with automated attack bot detection. By implementing a firewall that looks for unusual bot behavior, such as a single source making hundreds of failed logon attempts, and blocks it, potential targets can be saved from extremely damaging ransomware attacks, as well as other RDP-exploiting attacks that steal personal data or simply cause disruption for the sake of it. The most effective firewall rule of all is the simplest: do not expose RDP directly to the internet, but allow it only from the VPN or Remote Desktop Gateway that users authenticate to first.
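The brute-force pattern that a lockout policy and a bot-aware firewall are meant to stop can also be detected after the fact from the host's own Security log. The following is an added example, not code from the original article: it groups failed-logon events (event ID 4625) by source address and flags any source that produces a burst of failures inside a short window. The sample records are constructed data shaped like 4625 fields; the Get-FailedLogon function pulls real records on a host and needs administrator rights to read the Security log. The threshold and window values are assumptions.

```powershell
# Added example (not from the original article): detect password guessing
# against an RDP host from Security log event 4625. $sample is constructed
# data; Get-FailedLogon reads real events on a host (requires admin rights).

function Get-FailedLogon {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) } |
        ForEach-Object {
            $d = ([xml]$_.ToXml()).Event.EventData.Data
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Source    = ($d | Where-Object Name -eq 'IpAddress').'#text'
                User      = ($d | Where-Object Name -eq 'TargetUserName').'#text'
                LogonType = [int]($d | Where-Object Name -eq 'LogonType').'#text'
            }
        }
}

function Find-BruteForceSource {
    param(
        [object[]]$Events,
        [int]$Threshold = 5,                               # assumed: failures per burst
        [TimeSpan]$Window = [TimeSpan]::FromMinutes(10)     # assumed: burst window
    )
    # RDP failures are logon type 10 (RemoteInteractive) or, when NLA is
    # enabled, type 3 (Network). Other types are local or service logons.
    $Events | Where-Object { $_.LogonType -in 3, 10 } | Group-Object Source | ForEach-Object {
        $times = @($_.Group | Sort-Object Time | ForEach-Object Time)
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            # Any run of $Threshold consecutive failures inside $Window flags the source.
            if (($times[$i + $Threshold - 1] - $times[$i]) -le $Window) {
                [pscustomobject]@{
                    Source   = $_.Name
                    Failures = $times.Count
                    Users    = (($_.Group.User | Sort-Object -Unique) -join ', ')
                    Burst    = $times[$i]
                }
                break
            }
        }
    }
}

# Constructed sample: one source spraying common usernames every 15 seconds,
# one user who mistyped a password twice, and one non-RDP service failure.
$t0 = Get-Date '2020-06-01 02:00:00'
$sample = @(
    foreach ($n in 0..7) {
        [pscustomobject]@{ Time = $t0.AddSeconds(15 * $n); Source = '203.0.113.7'
                           User = @('administrator', 'admin', 'backup', 'sales')[$n % 4]; LogonType = 3 }
    }
    [pscustomobject]@{ Time = $t0.AddMinutes(30); Source = '198.51.100.20'; User = 'jsmith';     LogonType = 10 }
    [pscustomobject]@{ Time = $t0.AddMinutes(31); Source = '198.51.100.20'; User = 'jsmith';     LogonType = 10 }
    [pscustomobject]@{ Time = $t0.AddMinutes(40); Source = '-';             User = 'svc-backup'; LogonType = 5 }
)

Find-BruteForceSource -Events $sample | Format-Table -AutoSize
# Only 203.0.113.7 is reported: 8 failures across 4 usernames in under 2 minutes.
# 198.51.100.20 (2 failures) and the type-5 service logon are not flagged.

# On a real host:  Find-BruteForceSource -Events (Get-FailedLogon -Hours 24)
```

Grouping by source rather than by account is deliberate: a password-spraying attacker tries one or two guesses against many accounts precisely to stay under a per-account lockout threshold, so a per-account view may show nothing alarming while the per-source view is unmistakable. A host whose RDP listener is exposed to the internet will typically show several such sources a day, which is itself the argument for not exposing it.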
The prevalence of remote working is only going to increase. As workforces become ever-more decentralized, the ability for businesses and organizations to draw on cloud-based technologies to allow workers to carry out their jobs remotely offers some exciting benefits.
But it also carries security risks that cannot be avoided, at least not if the proper precautions are not put in place. Fortunately, there are security experts who can help advise you on the best measures to take, as well as providing tools such as top-of-the-range firewalls.
There’s no time like the present to make sure you do this. The future of your business may rely on it.