Hackers aren’t letting up on their attacks against Remote Desktop Protocol; on the contrary, they’re ratcheting up the worldwide onslaught.
Are you properly monitoring your remote accesses and security measures?
Since mid-2016, attacks on remote administration tools such as Remote Desktop Protocol (RDP) have been on a continual rise. Hackers have been hard at work developing various methods of finding RDP vulnerabilities and exploiting them.
And they’ve been rather successful.
The FBI recently posted a public service announcement on their Internet Crime Complain Center (IC3).
From the alert:
Remote Desktop Protocol (RDP) is a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface. In order for a remote desktop connection to be established, the local and remote machines need to authenticate via a username and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.
Read the full FBI alert at: https://www.ic3.gov/media/2018/180927.aspx
The ever-present threat of ransomware
Ransomware is a particularly nasty form of malware that encrypts a system’s data and holds it for ransom for a certain amount of cryptocurrency. If the ransom isn’t paid, the decryption keys are tossed to oblivion. (Even if you do pay up, there’s no guarantee the cybercriminal will uphold their end of the bargain.) If there’s no good backup of your data, it could mean a major setback or even the death knell for your business.
The Sam Sam strain was responsible for the Atlanta ransomware lockdown earlier this year that cost the notable city millions in IT recovery.
Ransomware strains like CrySiS and Samsam utlize aggressive RDP attacks as part of their overall cyberattack playbooks. Brute force attacks (where the attacker attempts many possible combinations that could constitute a valid password) and dictionary attacks (which systematically utilizes words in a dictionary to attempt to defeat authentication) are commonly used.
An exchange of the Dark-est kind
In the dank corners of the Dark Web, illicit goods of all kinds can be found for sale.
RDP credentials, the fruits of a successful breach, can be purchased by cybercriminals rearing to commence their attacks with as little obstacles as possible.
The price for these purloined credentials can vary depending on the attributes of the compromised system and the resources contained therein.
What to look for when auditing your remote access security
The FBI alert mentions four things you shouldn’t overlook when reviewing your RDP accesses and security.
1. Weak passwords
Weak passwords are the bane of security efforts. Simple passwords that consist of dictionary words can be vulnerable to brute force and dictionary attacks. Some password strengthening tips:
- Use both uppercase and lowercase letters
- Mix in numbers and special characters for added complexity
- Use a minimum of 8 characters
2. Unlimited login attempts
Don’t allow unlimited login attempts to an account.
3. Outdated RDP
Outdated RDP versions may utilize a version of CredSSP that contains a critical vulnerability. A logical cryptographic flaw in CredSSP can allow for a man-in-the-middle attack. Keeping systems patched, up-to-date, and proactively monitored is always part of a good IT regimen.
4. Access to default RDP port
Don’t allow unrestricted access to TCP 3389, the default RDP port.
Need assistance with your IT security? Get a free consultation.
InCare Technologies is an industry-recognized managed service provider (MSP). We’re experts when it comes to cybersecurity, and we can assist with best practices for your RDP and network security.
Many of our products and services are fully managed by us, so there’s no need for you to reduce your focus on your core business.
Contact InCare today at 205-277-CARE or fill out the form below to schedule your free security consultation.