Data breaches are a monumental threat to businesses and organizations in any sector or industry, and the threat doesn’t seem to be dissipating any time soon. In fact, breaches are up 54% year over year, as malicious actors continue to find ways to exploit vulnerabilities in existing software, systems, and processes.
With the average total cost of a data breach sitting around $3.92m, it’s critical that businesses and organizations take all necessary precautions against exposing their data. Yet despite the enormous cost and risk associated with lax security practices, many organizations still seem unwilling or unable to defend themselves.
One particularly exposed area is Remote Desktop Protocol, or RDP. RDP is Microsoft's protocol for interactive remote sessions on Windows machines: it delivers the remote desktop to the user, along with clipboard and drive redirection for file transfer, and listens on TCP port 3389 by default. While a convenient way to reach machines remotely for both personal and business use, the risk inherent in leaving that port permanently open to the internet cannot be overlooked.
Remote Desktop Protocol Vulnerabilities
Exposed RDP has become the top attack vector in ransomware, accounting for over 60% of incidents in the first two quarters of 2019. In most of those cases the attackers needed no software flaw at all: they brute-forced or bought credentials for a server that was listening on the internet. In July 2018, over 7,000 Windows PCs and 1,900 servers at LabCorp were infected with SamSam ransomware. In another incident, Hancock Health paid over $50,000 in ransom to regain access to data that had been encrypted after attackers logged in to a hospital server running RDP. Attackers also use RDP footholds to install backdoors, keyloggers, and cryptomining tools on enterprise systems. The BlueKeep vulnerability (CVE-2019-0708), patched by Microsoft in May 2019, is a flaw in Remote Desktop Services on Windows 7, Windows Server 2008 and 2008 R2 and older systems that lets an unauthenticated attacker execute code remotely, before any logon takes place; because it needs no user interaction it is wormable in the same way as the bug behind WannaCry. This was followed by the Seven Monkeys release in August 2019, a batch of seven updates addressing further Remote Desktop Services vulnerabilities, including two more wormable ones (DejaBlue, CVE-2019-1181 and CVE-2019-1182) that also affect Windows 7 through Windows 10.
RDP vulnerabilities are particularly dangerous because they can allow malicious actors to gain access to multiple machines on a network. “Most RDP vulnerabilities allow an attacker to compromise the server, then approach new victim machines using RDP,” said Dana Baril, Security Software Engineer at Microsoft. Once attackers hold one server, they can use the same protocol to reach every other device on the network that accepts RDP connections.
Defend Yourself Against RDP Exploits
So how can beleaguered system administrators defend themselves against RDP exploits?
First off, if you intend to keep allowing RDP access, do not expose the RDP listener itself. Microsoft's Remote Desktop Gateway tunnels RDP inside TLS (HTTPS on TCP port 443): the gateway authenticates and authorizes the user first and only then forwards the session to the internal host, so port 3389 is never reachable from the internet. This is what the long-standing “RDP over SSL” guidance refers to (the protocol in use today is TLS), and it has been a standard Microsoft best practice for many years. A large reason exposed RDP remains so widespread and problematic is that many organizations don't know this option exists, or fail to configure it correctly. Leaving the default port 3389 open on the public internet is akin to putting a sign in front of your house telling threat actors to attack you and that you don't lock your doors. Note that encryption alone does not fix BlueKeep, which is a flaw in the RDP service itself and is triggered before authentication; what protects you is keeping the vulnerable service off the internet and patching it. Microsoft also reported in 2019 that it had identified over 400,000 internet-facing endpoints lacking any form of Network Level Authentication: make sure you're not one of them.
Lastly, install all available patches for the Remote Desktop Services vulnerabilities, including the May 2019 BlueKeep fix and the August 2019 Seven Monkeys fixes; Microsoft issued the BlueKeep update even for out-of-support Windows XP and Server 2003. The NSA has recommended additional measures: disable Remote Desktop Services and block its port (TCP 3389) at the perimeter firewall if RDP is not being used. Where RDP must stay enabled, require Network Level Authentication (NLA), which forces the client to authenticate before a session is created and so blocks unauthenticated BlueKeep exploitation. NLA is a mitigation, not a fix: an attacker who already holds valid credentials can still trigger the bug, so patching remains mandatory. Add multi-factor authentication as well, since most RDP intrusions begin with brute-forced, reused or stolen passwords rather than with an exploit. The best protection is to take RDP off the internet: switch RDP off if not needed and, if needed, make it reachable only via a VPN or a Remote Desktop Gateway.
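The following PowerShell script is an added example, not code from the original article or from Tigunia. It audits the settings the two paragraphs above describe on a single Windows host (is RDP on, which port, is NLA required, is the TLS security layer enforced, is the port open to any remote address) and then applies the recommended hardening. The management subnet 10.10.0.0/24, the function names, and the requirement for Windows 8 / Server 2012 or newer (for the NetSecurity firewall cmdlets) are assumptions. The KB numbers in the patch check are the ones Microsoft published for CVE-2019-0708 on Windows 7 SP1 and Server 2008 R2 SP1; other Windows versions use different updates.

```powershell
# Added example for this article (not Tigunia's or Microsoft's code): audit the RDP
# posture described above on a Windows 8 / Server 2012 or newer host, then apply
# the hardening the article recommends. Run from an elevated PowerShell session.
# Assumption: 10.10.0.0/24 is the VPN / management network allowed to reach RDP.
$ManagementSubnet = '10.10.0.0/24'
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$TcpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpPosture {
    # fDenyTSConnections = 1 means Remote Desktop is switched off entirely.
    $denied = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    $tcp    = Get-ItemProperty -Path $TcpKey
    $port   = [string]$tcp.PortNumber

    # Any enabled inbound allow rule for the RDP port whose remote scope is "Any"
    # is the open door the article warns about.
    $openRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            (($_ | Get-NetFirewallPortFilter).LocalPort -contains $port) -and
            (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
        }

    [pscustomobject]@{
        RdpEnabled       = ($denied -eq 0)
        Port             = $port
        NlaRequired      = ($tcp.UserAuthentication -eq 1)   # CredSSP logon before session setup
        TlsRequired      = ($tcp.SecurityLayer -eq 2)        # 2 = TLS; 0 = legacy RDP security
        OpenToAnyAddress = (@($openRules).Count -gt 0)
        OpenRuleNames    = @($openRules | Select-Object -ExpandProperty DisplayName)
    }
}

function Test-BlueKeepPatch {
    # KB IDs from the CVE-2019-0708 advisory for Windows 7 SP1 / Server 2008 R2 SP1
    # (security-only update and monthly rollup). Only meaningful on those versions;
    # other affected OS versions use different KBs, and Windows 8+/10 are not affected.
    param([string[]]$KbIds = @('KB4499175', 'KB4499164'))
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    return [bool]($KbIds | Where-Object { $installed -contains $_ })
}

function Set-RdpHardening {
    param([switch]$DisableRdp)
    if ($DisableRdp) {
        # NSA guidance: turn Remote Desktop Services off where it is not needed
        # and close TCP 3389 at the host firewall.
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        return
    }
    # Require NLA so the client authenticates before a session is created,
    # and force the TLS security layer instead of native RDP encryption.
    Set-ItemProperty -Path $TcpKey -Name UserAuthentication -Value 1
    Set-ItemProperty -Path $TcpKey -Name SecurityLayer      -Value 2
    # Narrow the built-in Remote Desktop rules from "Any" to the management subnet,
    # so the listener is reachable only over the VPN, not from the public internet.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $ManagementSubnet
}

Get-RdpPosture | Format-List
```

Run Get-RdpPosture first: a host reporting RdpEnabled True, NlaRequired False and OpenToAnyAddress True is exactly the population Microsoft counted at over 400,000. Set-RdpHardening -DisableRdp turns RDP off; without the switch it keeps RDP but requires NLA and TLS and limits the firewall scope. The firewall change only touches the built-in “Remote Desktop” rule group, so any custom rules listed in OpenRuleNames have to be fixed by hand, and publishing RDP externally through a Remote Desktop Gateway remains preferable to any direct exposure of port 3389.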
Remote Desktop Protocol vulnerabilities remain a highly lucrative and easily exploitable vector, and incidents are projected to continue to climb throughout the year. At Tigunia, we use the smartest minds in the business to build effective IT security strategies that we apply and manage across organizations of all sizes.
If you’re concerned about your organization’s RDP practices or wondering how you can safeguard yourself against future threats, let’s schedule a meeting with one of our Security professionals. They can help you assess your current risks and threats, and build a scalable, cost-effective plan for ensuring your data is protected, backed-up and retrievable.
Don’t leave yourself open to an exploit like BlueKeep – get your environment secured with right-fit technology solutions from Tigunia. Let’s talk!