

Cybercriminals Using Old Attacks In New Ways. Are You Prepared?

Cybercriminals have found ways to invade networks cheaply, connect to every machine and monitor your network’s activity. Are you shoring up this preventable threat?

Over the course of the last five or six months, criminals have increasingly focused on brute force attacks. Using Remote Desktop Protocol (RDP) as their main target, these criminals have been hitting big and small targets alike, with high success rates.

Consider some of the most recent cyberattacks in the news: LabCorp, the city of Atlanta, SamSam attacks on healthcare clinics and hospitals, non-profits, and other low-hanging fruit that, put simply, have not done enough to shore up their security (and nearly 90% of the time, they think they have!).

One very recent case, in fact, happened a week after that big LabCorp attack which compromised 45,000 medical records. A regional hospital system, Cass Regional Medical Center, had its entire EHR system down for a week after the attack.

How did the bad guys get in? With a brute force attack targeting Remote Desktop Protocol (RDP), using SamSam ransomware as the payload once they were inside.

Are RDP attacks a new phenomenon?

Not at all. Cybersecurity experts have been warning of RDP attacks for years now. For one reason or another, RDP attacks have become popular among cybercriminals.

How do RDP attacks work?

Hackers start by scanning your network from the outside for any exposed RDP endpoints using freely available tools. At the same time they phish your entire organization in search of credentials (there are numerous phishing kits that walk an attacker step by step through getting users to click on links or open attachments, ultimately compromising their user credentials). Once the criminal has credentials and an open RDP port, your network may be toast (as in encrypted and held hostage for ransom).

To make matters even scarier, RDP backdoors are being sold on the dark web for just $10 apiece, and tens of thousands of new RDP access points are being put up for sale every single day (according to McAfee).

What can a hacker do with one open port on your network?

Cybersecurity experts agree that a single exposed RDP port, even on a seemingly benign computer (like one in reception, at a point of sale, or in the cafeteria), can be leveraged to move laterally across the network. That means that even if you've prioritized protecting the machines used in accounting, HR, or other areas that store much more sensitive information, including protected health information, that information can still be compromised through a machine you'd never have expected to be a risk: one that isn't used for email or web surfing and that nobody thinks of as exposed.

In all likelihood, you’re not aware of these flaws.

Most of these RDP-related attacks went completely unsuspected because IT teams didn't consider the machines to be risks. Even though the machines were misconfigured, the team figured that since no one doing sensitive or high-value work was using them, regularly checking them, keeping them compliant, and treating them as a security priority was one of the lowest items on their to-do list.

The problem that most IT teams don't understand?

How vulnerabilities in low-priority computers, even simple configuration mistakes, can lead to the very significant consequence of a network-wide ransom attack.

Are cybercriminals just attacking networks via RDP to ransom data?

While ransomware attacks are quite commonly motivated by criminals simply seeking to get paid from the ransom event, many attackers also seek to steal sensitive information, run cryptomining on your network, and abuse your accounts.

How can you take control of your RDP?

RDP is most commonly used to allow remote access into your network, and most of the time it is third-party vendors who request this access. Be cautious and open RDP on your network only as a last option. Best to follow the mantra: if you don't need it, don't enable it.

Evaluate who has access to your RDP and double check that those who have access really need it. When it comes to RDP, less is more.

Another glaring vulnerability with RDP is passwords. Often, the passwords used are standard and easy to guess. If you have RDP enabled on your network, make sure you're using unique and complex passwords for each access point. Never keep the default password!

Cybersecurity experts stress that security on RDP and other network-wide vulnerabilities needs year-round attention. Attackers strike at full strength precisely when you least expect it or when you're understaffed (like on a holiday or weekend).
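Year-round attention means watching for the brute force pattern described above, not just hardening once. The following is an added example, not code from the original post: it runs simple detection logic over a few constructed log lines modelled on Windows Security events 4625 (failed logon) and 4624 (successful logon), keeps only logon type 10 (RemoteInteractive, i.e. RDP), and flags any source address that fails five or more RDP logons within a minute, noting whether a successful RDP logon from that same source followed. The line format, threshold and window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs) modelled on events 4625/4624 exported
# as text. LogonType 10 is RemoteInteractive, i.e. RDP. Addresses are from the
# RFC 5737 documentation ranges and are placeholders, not indicators.
SAMPLE_LOG = """\
2018-07-16 02:13:01 EventID=4625 LogonType=10 Account=administrator Source=203.0.113.45
2018-07-16 02:13:03 EventID=4625 LogonType=10 Account=admin Source=203.0.113.45
2018-07-16 02:13:04 EventID=4625 LogonType=10 Account=reception Source=203.0.113.45
2018-07-16 02:13:06 EventID=4625 LogonType=10 Account=pos1 Source=203.0.113.45
2018-07-16 02:13:07 EventID=4625 LogonType=10 Account=scanner Source=203.0.113.45
2018-07-16 02:13:09 EventID=4624 LogonType=10 Account=reception Source=203.0.113.45
2018-07-16 09:41:12 EventID=4625 LogonType=10 Account=jsmith Source=198.51.100.7
2018-07-16 09:41:40 EventID=4624 LogonType=10 Account=jsmith Source=198.51.100.7
2018-07-16 11:02:00 EventID=4625 LogonType=2 Account=jsmith Source=-
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$")

def parse_events(text):
    """Parse exported lines into dicts; lines that do not match are skipped."""
    events = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           "eid": int(m["eid"]), "lt": int(m["lt"]),
                           "acct": m["acct"], "src": m["src"]})
    return events

def rdp_bruteforce_alerts(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source: info} for each source with >= threshold failed RDP logons
    inside one window. success_after tells whether that source later logged on
    successfully over RDP, the sign that a guessed password worked."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["lt"] != 10:                      # ignore non-RDP logon types
            continue
        if e["eid"] == 4625:
            failures[e["src"]].append(e)
        elif e["eid"] == 4624:
            successes[e["src"]].append(e)
    alerts = {}
    for src, fails in failures.items():
        times = sorted(e["ts"] for e in fails)
        for i in range(len(times) - threshold + 1):  # sliding window of size threshold
            if times[i + threshold - 1] - times[i] <= window:
                alerts[src] = {"accounts": sorted({e["acct"] for e in fails}),
                               "success_after": any(s["ts"] > times[i] for s in successes[src])}
                break
    return alerts
```

Run against the sample, only 203.0.113.45 is flagged, with five different account names tried and a successful RDP logon two seconds after the last failure; the single failure from 198.51.100.7 and the non-RDP failure are not alerts.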

Are you sure your network is secure? Contact Us TODAY for a free network security assessment.
