Well here we are. The new world of working from home, or at least ‘the world for the foreseeable future’. As we here in Victoria are now in Stage 4 with more restrictions and more uncertainty about the next few months, there has been a large increase in ransomware attacks which is devastating some small to medium businesses. Whilst I tend to subscribe to the ‘correlation is not causation’ approach, there is a relationship between the pandemic and the higher incident rate of ransomware attacks.
How, you ask? Well, with the increased restrictions, and working from home orders for the majority of the workforce, a fair portion of businesses have been opening up what’s called the ‘RDP port’ to allow access to internal resources. For the non-initiated, RDP stands for Remote Desktop Protocol. It’s primary purpose is to allow remote control of a computer/server from an external source. Essentially, it’s a method to allow working from home.
This particular port is the main attack vector that the ransomware culprits use to get in (using Brute Force password hacking), as it’s as simple as using a port scanner, locating the port, attempting to authenticate and using scripts and bots to rotate through every possible combination of username and password until they hit pay dirt. Once they are in, well, they’ll attack the backups first, then all of a sudden you’re stress calling your IT department and trying to figure out how BitCoin works at 2am.
There are two major ways we combat this at Bizpro IT Services. One, is mitigation of the initial risk. We don’t open the RDP port. Period. The two main methods you can use to protect this, whilst still providing the functionality is a Virtual Private Network (VPN) and/or a Remote Desktop Gateway. These both add a layer of security and remove the ‘RDP port scanning’ risk. Without getting two technical, they aren’t fool proof, but they are an extra hurdle for an attacking party to get through, and ultimately, as these attacking parties like to attack the path of least resistance and are never really ‘targetted’. Any extra hurdle will dissuade the attempt.
Two, disaster recovery. The backups themselves should never accessible using the same username and password as the server itself. This is a common issue we see when getting new clients. The all eggs in one basket approach will backfire more often than it will bear fruit. We implement multi level backups (internal, local, remote) and monitor them constantly. We have disaster recovery plans for most eventualities and test our systems and processes quarterly.
Ultimately, in this day and age working from home is far less of an issue that it would have been say 10 years ago. With the advent of Office 365 and the mystical ‘Cloud’, decentralising your workforce has become easier than ever. However, as with everything, if you don’t stay on top of the security side of it, it will come back to bite you. Hard.
