How to Battle RDP Attacks that Increased with COVID-19
Amid the pandemic, one thing is for sure. More and more brute force remote desktop attacks, RDP, have been occurring. What does this mean? It means that people have been attacking and hijacking people who weren't expecting it, or simply thought that they were connecting to someone remotely through work. And who's the biggest culprit of the attacked platforms? Believe it or not, it's not third-party software. I know, it's unbelievable that even with all of the horrible loopholes and vulnerabilities they have, but it's true. Most of the attacks have been reported to have been used with Microsoft's very own Remote Desktop Protocol (RDP). Does that surprise you, probably not?
How are the Attackers Getting In?
Believe it or not, there are many ways that people can connect to a remote computer directly. One of the increasing exploits has been to allow attackers to use the TrickBot malware virus, which is a backdoor trojan. Trickbot will enable hackers to have a built-in module to allow them to conduct remote attacks by force. Trickbot malware tries numerous options after collecting user data (username and password) until a combination works. Once the combination works, then the hackers are in, and getting rid of them is no simple task.
With the increase of data breaches and stolen credentials being sold on the dark web comes problems. It's been darn near impossible to keep your credentials safe. If you have not been involved in a data breach in the last year, you should buy a lottery ticket. That's how lucky you are.
Here's a brief glimpse into how the hackers operate. The hackers start by hijacking a user's computer using the RDP feature. They do this because a lot of people who were just beginning to work from home don't think about security solutions as much as they do at work. Many people automatically have everything configured by their managed service provider or their employer's IT department.
So it sort of just slips their mind now that they are working from home. Complacency leads to weaker RDP security on their home devices. Then when they use it for work, they're logging in with secure data over an insecure platform (in most cases).
How Can I Thwart the Attackers?
Fortunately, in most cases, having additional authentication measures in place can help protect users who have to log in to work servers. Using the right managed threat protection solution at both home, and the workplace can double your security. Windows Defender tries its best but doesn't always get the job done, as we all know. Along with this, having two-factor authentication for your users who are working from home can significantly increase security. 2FA also adds a high level of protection against attackers.
What About Third-Party RDP Platforms?
There are well-known loopholes in almost every platform out there. Choosing the right, IT managed platforms can help a ton and save you from future headaches. Some companies prefer to use things like TeamViewer or other RDP software applications.
While these may be good choices, you'd want to discuss this in-depth with your managed services provider. They can hopefully guide you in the right direction when it comes to RDP software and other security tools. They have already tested many of these platforms and can give you a proper rundown of what to expect. Nobody likes surprises mainly when they deal with security.
The main priority that needs to be taken is just to be very careful and wise about who is accepting remote desktop sessions, and where you're connecting to (or who you're allowing access). You need to be extremely cautious and keep an eye out on the business network to make sure that your data and login information is protected from vulnerable attacks. That way, it doesn't end up on some list that gets shared by cyber terrorists.
Our Final Thoughts on All of This
Despite the increased attacks during this COVID-19 pandemic, with the right security tools and training, you can keep yourself, your company, and your data safe. Having quality protection from ransomware is also a must because many cyber attackers will use this exploit to their advantage to hold your computer ransom and encrypt your data. The massive downside to this is that while you don't have access to your files, they can trick you into paying for your data to be decrypted, but also, they use this to gain back door access.
Therefore, with a security product like SentinelOne, you can also get a robust solution with your MSP to help protect yourself and stop RDP attacks in their tracks from the moment they knock on your door!