Cybercriminals and hackers are continuously implementing new attack methods to exploit remote login credentials. These are known as credential harvesting attacks.
With many companies just allowing remote desktop connections through their firewalls, with no other form of encryption or authentication validation involved, these RDP attacks are becoming more common.
The attack rate, as widely predicted, has rocketed over the last year as employees started to work from home due to the Covid-19 restrictions. Cyber security solution provider ESET has recorded a 768% increase in RDP attacks between Q1 and Q4 of 2020.
In an attempt to get users working from home quickly, and with as little intervention as possible, many MSPs and IT administration departments simply opened port 3389 through the firewall to a server, or group of servers. These implementations were usually hastily configured with little regard for solid cyber security. Many of these setups have been found to have known and exploitable vulnerabilities in them.
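As an added example (not part of the original article), the Python below audits a firewall rule export and flags inbound allow rules that leave TCP 3389 reachable from sources outside the RFC 1918 private ranges. The CSV column names, rule names and addresses are constructed for illustration and do not match any particular firewall vendor's export format.

```python
import csv
import io
import ipaddress

RDP_PORT = 3389
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export; column names are an assumption, not a vendor format.
# 203.0.113.0/24 is a documentation range standing in for a partner's public network.
SAMPLE_RULES = """name,action,direction,protocol,source,dest_ports
allow-web,allow,in,tcp,0.0.0.0/0,"80,443"
rdp-quick-fix,allow,in,tcp,0.0.0.0/0,3389
rdp-from-vpn,allow,in,tcp,10.8.0.0/24,3389
wide-range,allow,in,tcp,any,3000-4000
rdp-partner,allow,in,tcp,203.0.113.0/24,3389
rdp-deny,deny,in,tcp,0.0.0.0/0,3389
"""

def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as 'any', '3389', '80,443' or '3000-4000' includes port."""
    if spec.strip().lower() in ("any", "*"):
        return True
    ranges = (part.strip().partition("-") for part in spec.split(","))
    return any(int(low) <= port <= int(high or low) for low, _, high in ranges)

def source_exposure(source):
    """Classify a rule source as 'internet' (unrestricted), 'public' or 'private'."""
    source = source.strip().lower()
    net = ipaddress.ip_network("0.0.0.0/0" if source in ("any", "*") else source, strict=False)
    if net.prefixlen == 0:
        return "internet"
    internal = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
    return "private" if internal else "public"

def find_exposed_rdp(rules_csv):
    """Return (rule name, exposure) for inbound TCP allow rules that reach 3389 from non-private sources."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        inbound_allow = (rule["action"], rule["direction"]) == ("allow", "in")
        tcp = rule["protocol"].lower() in ("tcp", "any")
        if inbound_allow and tcp and covers_port(rule["dest_ports"]):
            exposure = source_exposure(rule["source"])
            if exposure != "private":
                findings.append((rule["name"], exposure))
    return findings

if __name__ == "__main__":
    for name, exposure in find_exposed_rdp(SAMPLE_RULES):
        print(f"{name}: TCP {RDP_PORT} reachable from {exposure} source")
```

The `wide-range` rule shows why port ranges and `any` need to be expanded: a rule that never mentions 3389 by number can still expose it.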
What this means is that end users can use their own personal PCs or laptops to connect to the corporate network. Many of these devices may already have malware ticking away in the background without the end users being aware of it, including, possibly, a keystroke logger. These loggers detect anything typed on the keyboard and, at certain points of the day, send that information to a C&C (Command & Control) server out on the internet.
When it comes to Cyber Security you should get a qualified and experienced Cyber Security expert to review your setup.
Unfortunately, most IT departments and service providers are rushed, usually by senior management or board level members, into implementing solutions which are not fit for modern-day Cyber Security needs. Most IT administrators and managers are not trained in advanced hacking techniques and do not realise they are opening their doors to the bad guys. Hastily implemented solutions which are made for “ease of implementation and end user access” are a cybercriminal’s dream.
Don’t forget that your network may be part of a connected supply chain. If so, you may be opening up your clients’ networks as well.
Don’t be an easy mark for the cybercriminals or unscrupulous competitors. Get a check by a company who knows what to look for and can give sound advice on how to prevent cyber-attacks. Please get in touch if you’d like to discuss your options.