Ransomware And Malware - The RDP Connection

JAMES LUI on February 08, 2018

Ransomware is now a fact of life. And with most ransomware and malware attacks originating via the Web, it’s becoming critical that organizations place a protective shield between active web content and the corporate network. Since Internet access is non-negotiable in today’s workplace, more and more organizations are looking to new technologies, such as remote browser isolation, to lock down this dangerously porous attack vector.   

But, did you know that RDP (Remote Desktop Protocol) connections and SSL VPNs are also common attack vectors that can give the bad guys a convenient leg up into your corporate network? In fact, recent statistics indicate that two thirds of ransomware infections in Q1 2017 were delivered via RDP. Another article announced that “dark web vendors” are selling user credentials to remotely access corporate computers for as little as $3, making break-ins an attractively affordable option.  

Unfortunately, lax data security procedures make the job particularly easy for hackers. Many cyberthieves are simply using publicly available tools like “masscan” to scan the Web for Internet-facing remote desktop ports. When they find them, they just try out the most commonly used passwords (such as “password” or “12345678”) until they find a combination that works.

Some say that the solution is to simply not use remote desktops. An article in SecurityIntelligence says, 

…It’s not impossible to prevent RDP attacks. The easiest way to avoid an attack is to shut this service down. Unless SMBs have remote workers using RDP connections daily, the insecurity of stock permissions on Internet-facing ports puts companies at risk. 

That’s kind of like saying the best way to prevent car accidents is to leave your car in the driveway and not go anywhere. Yes, that’s true, but for people who want or need to go places, it’s not a feasible solution. 

There is, in fact, a much better way to keep your remote desktops and applications secure. 

It’s mostly not “rocket science” – for starters, here are a few security best practices you can apply right away: 

  1. Set an effective password policy. The National Institute of Standards and Technology (NIST) recently issued new password guidelines and now is an excellent time to implement them. 

  2. Use complex usernames – “non-obvious” user names can serve as a second password. 

  3. Define a lockout threshold for multiple attempts to log in to a given account.  

  4. For really sensitive data, consider implementing two-factor authentication. A little more hassle for users, but a lot more secure for the organization. 

  5. Monitor and log all user sessions – and have someone check them for unusual activity. If something smells fishy – shut it down. 
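The lockout threshold and the session monitoring above can be checked against failed-logon records. The following is an added example, not code from the article or from Ericom: it runs over constructed records modelled on Windows Security event 4625 (failed logon) with logon type 10 (RDP), and the two-minute window and the thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
RDP_LOGON_TYPE = 10  # Windows LogonType 10 = RemoteInteractive, i.e. an RDP logon

# Constructed sample records modelled on Security event 4625 (failed logon):
# (timestamp, target account, source IP, logon type). Not real log data.
SAMPLE_EVENTS = [
    ("2018-02-08T09:00:01", "jsmith", "203.0.113.7", 10),
    ("2018-02-08T09:00:03", "admin", "203.0.113.7", 10),
    ("2018-02-08T09:00:04", "administrator", "203.0.113.7", 10),
    ("2018-02-08T09:00:06", "jsmith", "203.0.113.7", 10),
    ("2018-02-08T09:00:08", "jsmith", "203.0.113.7", 10),
    ("2018-02-08T09:05:00", "mlee", "198.51.100.20", 10),
    ("2018-02-08T09:10:00", "svc_backup", "192.0.2.9", 3),  # network logon, not RDP
]

def _failed_rdp(events):  # yields (time, account, source) for failed RDP logons only
    for ts, account, src, logon_type in events:
        if logon_type == RDP_LOGON_TYPE:
            yield datetime.fromisoformat(ts), account, src

def _max_in_window(times, window):
    """Largest number of events that fall inside any single sliding window."""
    times = sorted(times)
    start, best = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:  # drop events older than the window
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_rdp_bruteforce(events, window=timedelta(minutes=2), threshold=5):
    """Sources with >= threshold failed RDP logons in one window, plus the accounts tried."""
    per_source = defaultdict(list)
    for t, account, src in _failed_rdp(events):
        per_source[src].append((t, account))
    alerts = {}
    for src, hits in per_source.items():
        peak = _max_in_window([t for t, _ in hits], window)
        if peak >= threshold:  # many distinct accounts from one source = password guessing
            alerts[src] = {"attempts": peak, "accounts": sorted({a for _, a in hits})}
    return alerts

def accounts_over_lockout(events, window=timedelta(minutes=2), threshold=3):
    """Accounts whose failed RDP logons in one window reach the lockout threshold."""
    per_account = defaultdict(list)
    for t, account, _ in _failed_rdp(events):
        per_account[account].append(t)
    peaks = {a: _max_in_window(ts, window) for a, ts in per_account.items()}
    return {a: n for a, n in peaks.items() if n >= threshold}
```

On the sample data one source trips the per-source alert while touching three accounts, and only jsmith reaches the account lockout threshold; a real deployment would feed the same logic from the Security event log or a SIEM.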

When it comes to corporate security, though, it’s always best to implement as many layers of protection as possible. A secure remote desktop solution makes it easier for IT and security staff to enforce these and other best practices. For instance, Ericom AccessNow protects RDP connections by: 

  • Obfuscating the RDP port to protect against port scanners such as “masscan” 

  • Delivering RDP sessions as an HTTPS encrypted visual stream, so they cannot be detected 

  • Providing a hardened gateway between the Internet and RDP host, so the hosted resources are not directly accessible on the Internet 

With Ericom, users can easily interact with their business applications and desktops from anywhere, on any device, even without corporate network access. Yet these sessions are completely hidden from the Internet, mitigating the risk of brute-force password attempts and DoS attacks. User management – from on-boarding through off-boarding – and security capabilities such as multi-factor authentication are baked right in, and can be activated quickly and easily. And here’s the best part: no clients are required. Users can access any Windows desktop or application directly from any browser. There are no appliances to patch, no software upgrades or updates, and no hardware to manage.  

Ericom’s security portfolio offers layered protection on multiple fronts to help you achieve your defense-in-depth strategy.  With proper security measures in place, you can allow users to stay connected to the resources they need to do their jobs, without jeopardizing your own. Contact us today to learn how our browser isolation and secure remote access solutions can protect you and your organization from falling victim to ransomware. 


James Lui

VP of Product Management | Ericom Software
