Remote Desktop Protocol Security

While the current pandemic is still evolving, the great news is that vaccines are coming our way with some very promising results. This should bring us the joy of being able to meet each other and share our stories again. But while the pandemic has vaccines, cyberattacks have not stopped. In fact, security vendor ESET recently reported a huge increase in remote desktop attacks, particularly against the protocol that every Windows installation has built in: Remote Desktop Protocol (RDP).

Why Attack Remote Desktop Protocol (RDP)?

Based on the report, Q4 2020 alone saw a 768% increase in cyberattacks on RDP! This does not come as a surprise: RDP is an easy target while IT admins are scrambling to keep employees productive while working remotely. What is easier than simply exposing RDP to the internet and letting employees ‘feel at office’, with every single application working exactly as it does on site, right?

That may be true, but with RDP exposed to the internet without a proper (or at least minimal) protection mechanism, an organization’s image can really be hurt if things go bad. According to the report, attackers use RDP to infiltrate and monitor the network, then launch their attack when the time is right, for example just before an announcement, or in the form of a large information leak.

[Image: Azure Sentinel core capabilities]

Furthermore, Remote Desktop Protocol is very simple to configure, and human error happens: RDP can be “misconfigured” without anyone realizing it. Examples include exposing RDP on its default port, not using multi-factor authentication, not enforcing complex passwords for users, not applying proper network filtering, and so on. With today’s computing power, a bot can easily be coded to scan for large numbers of “misconfigured” RDP endpoints in a matter of hours. The easy target could be you!

How To Secure Your Remote Desktop Protocol?

For what it’s worth, we always recommend that our customers at least have network protection in place as insurance; that wouldn’t hurt, especially with a subscription service that charges only when you consume the protection, right? Cloudify.Asia provides a cloud firewall that lets you centrally monitor user activity, provides an encrypted traffic channel for peace of mind, and integrates easily with Multi-Factor Authentication (MFA). These simple steps greatly reduce the attack surface and keep you from being an easy target.

[Image: Azure Sentinel Threat Management Incidents Report; How To Secure Remote Desktop Protocol]

To further tap the power of the cloud, logs can be uploaded there and analysed with AI and machine learning, which learn user behaviour and patterns and alert the team when anything looks out of the norm. Azure Sentinel, fed with integrated firewall and identity logs, can for example learn that a given user does not usually need access to the finance system, and so trigger an alert when that user acts unusually and accesses sensitive finance data. The cloud also provides an overview of the security posture of your environment and gives you clarity. Wouldn’t it be great to have a virtual security guard in front of your digital assets?

What if that security guard could also provide full access logs for any uninvited visitor in your environment? That is exactly what Azure Sentinel gives you: simple analytics that can back-trace an intruder’s digital footprint and establish the depth of a breach, if there is one.
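The kind of analytic described above, written out as an added example that is not part of the original post and is not Azure Sentinel’s or Cloudify.Asia’s code. It runs over a small constructed log (not real telemetry) of Windows logon events in a simplified one-line-per-event format that is an assumption of this example; the event semantics it relies on are real: event ID 4625 is a failed logon, 4624 a successful logon, and logon type 10 (RemoteInteractive) is an RDP session. The detection flags any source address with a burst of failed RDP logons inside a short window (the automated scanning bots mentioned earlier), raises a second, higher-priority alert when a successful logon follows such a burst, and `trace_source` reconstructs the chronological footprint of one source so the depth of a possible breach can be assessed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry). Columns: UTC time, Windows
# security event ID, logon type, account, source IP. 4625 = failed logon,
# 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
SAMPLE_LOG = """\
2020-12-01T02:00:01Z 4625 10 administrator 203.0.113.7
2020-12-01T02:00:03Z 4625 10 admin 203.0.113.7
2020-12-01T02:00:05Z 4625 10 finance 203.0.113.7
2020-12-01T02:00:07Z 4625 10 jsmith 203.0.113.7
2020-12-01T02:00:09Z 4625 10 jsmith 203.0.113.7
2020-12-01T02:00:12Z 4624 10 jsmith 203.0.113.7
2020-12-01T09:15:00Z 4624 10 amy 198.51.100.20
2020-12-01T09:20:00Z 4625 10 amy 198.51.100.20
2020-12-01T09:20:30Z 4624 10 amy 198.51.100.20
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_events(text):
    """Parse the simplified one-event-per-line format into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, ip = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "ip": ip,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed RDP logons inside `window`,
    and again, more urgently, on any successful RDP logon that follows such
    a burst from the same source (a likely guessed or stolen credential)."""
    recent_failures = defaultdict(deque)   # ip -> timestamps of recent 4625s
    already_flagged = set()                # avoid one alert per extra failure
    alerts = []
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                       # only RDP sessions matter here
        fails = recent_failures[ev["ip"]]
        while fails and ev["time"] - fails[0] > window:
            fails.popleft()                # expire failures older than window
        if ev["event_id"] == FAILED_LOGON:
            fails.append(ev["time"])
            if len(fails) >= threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append({"type": "rdp_brute_force", "ip": ev["ip"],
                               "failures": len(fails), "time": ev["time"]})
        elif ev["event_id"] == SUCCESSFUL_LOGON and len(fails) >= threshold:
            alerts.append({"type": "rdp_success_after_brute_force",
                           "ip": ev["ip"], "account": ev["account"],
                           "time": ev["time"]})
    return alerts


def trace_source(events, ip):
    """Chronological footprint of one source IP, for back-tracing a breach."""
    return [(e["time"].isoformat(), e["event_id"], e["account"])
            for e in events if e["ip"] == ip]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for alert in detect_rdp_bruteforce(evs):
        print(alert)
    for row in trace_source(evs, "203.0.113.7"):
        print(row)
```

On the sample data the single legitimate typo from 198.51.100.20 never reaches the threshold, while 203.0.113.7 produces one brute-force alert at its fifth failure and a second alert when the `jsmith` logon succeeds seconds later; the trace of that address then shows which accounts were tried before the success. The threshold and window are the tuning knobs a SOC would adjust per environment.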

[Image: Cloud Security Report; How To Secure Remote Desktop Protocol]

In summary, no one is safe in this digital world; even Microsoft suffered the largest security attack ever in history. What came out at the end of the tunnel was that Microsoft learned from the attack and trained its AI models on it, giving us access to technology that can prevent an attack on our own assets as quickly as possible.

Written by Reng Kwan | Cloud Transformation Officer