Author Topic: Working from home risks!  (Read 81 times)

JnL staff
Working from home risks!
« on: August 12, 2020, 06:31:02 PM »
In recent months, organisations across every sector have come to rely heavily on Remote Desktop Protocol (RDP) to maintain business continuity while respecting social distancing.
However, the rapid shift to remote working has also provided a unique opportunity for ransomware groups. Threat actors predicted that many organizations would not have the time or resources to securely implement RDP during the mass transition to working from home and, as a result, may be vulnerable to compromise.
They were right. The number of Internet-exposed RDP ports grew from approximately 3 million in January 2020 to more than 4.5 million in March, according to a McAfee report.
In this blog post, we will discuss why threat actors use RDP to deploy malware, how our solutions protect users against RDP brute-force attacks and best practices for mitigating RDP-based threats.

What is RDP?
RDP is a network communications protocol developed by Microsoft. Available for most Windows operating systems, it provides a graphical interface that enables users to connect remotely to a server or another computer. RDP transmits the display of the remote server to the client and the input of peripherals (such as keyboard and mouse) from the client to the remote server, effectively allowing users to control a remote computer as though they were operating it in person.
RDP is typically used in a business environment to allow end users to remotely access files and applications stored on the organization’s local network. Administrators also commonly use RDP to remotely diagnose and resolve technical problems with end users’ devices.

How attackers use RDP to deploy malware
RDP is generally regarded as a safe and secure tool when used within a private network. However, serious problems may arise when RDP ports are left open to the Internet because it allows anyone to attempt to connect to the remote server. If the connection is successful, the attacker gains access to the server and can do anything within the hacked account’s privilege limits.

This is not a new threat, but the global shift to remote working has underscored the fact that many organisations do not adequately secure RDP – and threat actors are taking advantage. At the start of March 2020, there were about 200,000 daily brute-force RDP attacks in the U.S., according to a Kaspersky report. By mid-April, this number had ballooned to almost 1.3 million. Today, RDP is regarded as the single biggest attack vector for ransomware.
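For defenders, the brute-force pattern described above can be spotted in Windows Security log data. The sketch below is an added example, not part of the original post: it flags source addresses with a burst of failed logons (event 4625) and notes any successful logon (4624) that follows. The function name, threshold, window and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication,
# failed RDP logons are recorded as type 3, which also covers other network
# logons, so treat type-3 hits as candidates to confirm, not proof of RDP.
RDP_LOGON_TYPES = {3, 10}

T0 = datetime(2020, 8, 12, 9, 0, 0)
# Constructed sample records: (time, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=8 * i), 4625, 3, "203.0.113.7", name)
     for i, name in enumerate(
         ["admin", "administrator", "backup", "admin", "test", "svc_rdp"])]
    + [
        (T0 + timedelta(seconds=30), 4625, 2, "203.0.113.7", "admin"),  # console, ignored
        (T0 + timedelta(seconds=55), 4624, 10, "203.0.113.7", "svc_rdp"),
        (T0 + timedelta(minutes=5), 4625, 10, "198.51.100.20", "alice"),
        (T0 + timedelta(minutes=5, seconds=20), 4625, 10, "198.51.100.20", "alice"),
        (T0 + timedelta(minutes=5, seconds=40), 4624, 10, "198.51.100.20", "alice"),
    ]
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: alert} for IPs with >= threshold failures in window."""
    recent = defaultdict(deque)  # source IP -> failure times still inside window
    tried = defaultdict(set)     # source IP -> account names attempted
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == 4625:  # failed logon
            tried[ip].add(account)
            failures = recent[ip]
            failures.append(ts)
            while ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {"alerted_at": ts, "accounts": tried[ip],
                              "compromised": None}
        elif event_id == 4624 and ip in alerts and alerts[ip]["compromised"] is None:
            # A success right after a failure burst is the case to escalate.
            alerts[ip]["compromised"] = account
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert["alerted_at"], sorted(alert["accounts"]), alert["compromised"])
```

In the sample, the user who mistypes a password twice before logging in is not flagged, while the address cycling through account names is flagged and marked as having obtained a session.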
