Criminals are continuing to use the COVID-19 pandemic to gain access to business computers, distribute malware and scam the public – don’t become a victim. The pandemic has required more people to work remotely from home than ever before, and this has prompted businesses and individuals to embrace new technology and tools to access resources and to keep in touch with colleagues, students and families.
Remote Desktop Protocol:
There have recently been a number of reports of attackers exploiting insecure Remote Desktop Protocol ports and services to gain access to computers and networks.
Remote Desktop Protocol (RDP) is a powerful tool for allowing users to dial into and take control of other computers and servers remotely. Some of the many applications of RDP include administering networks, installing software and running complex scientific experiments on university supercomputers.
RDP also provides users the opportunity to access and utilise all the files and programmes available to them on their office computer, without needing to go to their places of work. Given the current COVID-19 outbreak, more and more businesses are using RDP to allow their employees to continue working from home.
However, if an attacker manages to successfully connect to a computer using RDP, they’d also have access to every programme and file available to a legitimate user. Attackers commonly use insecure RDP to install spyware, steal data and infect machines with ransomware with relative ease.
Thankfully there are several simple steps you can take to significantly improve the security of your RDP facilities and your network:
- Check your RDP ports and services. Most computers will need to have their RDP ports and services enabled in order to be controlled remotely. However, many people are unaware whether their RDP ports and services are enabled, even when they have no need for anyone to access their network remotely.
- Configure your RDP to use strong passwords. This will quickly help to prevent RDP being used as an easy access route for attackers to get into your network. The overwhelming majority of attacks reported using RDP have been the result of weak passwords.
- Ensure logs are kept of RDP sessions and logon attempts. This will allow you to monitor if anyone is trying to break into your network, and more critically, allow you to identify anyone accessing it who shouldn’t!
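The three checks above can be run on a Windows machine with the following PowerShell, which is an added example and not part of the original advisory. It assumes an elevated session (needed to read the Security log) and uses an assumed threshold of 10 failed logons per source address.

```powershell
# Added example: run in an elevated PowerShell session on the machine being checked.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Step 1: are RDP ports and services enabled?
$deny    = (Get-ItemProperty $tsKey).fDenyTSConnections                # 0 = RDP allowed
$port    = (Get-ItemProperty "$tsKey\WinStations\RDP-Tcp").PortNumber  # 3389 unless changed
$service = Get-Service -Name TermService                               # Remote Desktop Services
$listen  = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
[pscustomobject]@{
    RdpAllowed    = ($deny -eq 0)
    Port          = $port
    ServiceStatus = $service.Status
    Listening     = [bool]$listen
} | Format-List

# Step 2: review the local password and lockout policy (minimum length, lockout threshold).
net accounts

# Step 3: review RDP logon attempts in the Security log over the last 24 hours.
$filter    = @{ LogName = 'Security'; StartTime = (Get-Date).AddDays(-1) }
$threshold = 10   # assumed value: failures from one address worth a closer look

function Get-EventField($Record, $FieldName) {
    # Pull one named field out of the event's XML payload.
    (([xml]$Record.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $FieldName }).'#text'
}

# Event 4625 = failed logon. Type 10 is RemoteInteractive (RDP); failed RDP
# attempts can also be recorded as type 3 (Network), so both are counted.
Get-WinEvent -FilterHashtable ($filter + @{ Id = 4625 }) -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'LogonType') -in '3', '10' } |
    Group-Object { Get-EventField $_ 'IpAddress' } |
    Where-Object Count -ge $threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceAddress'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Event 4624 = successful logon. Type 10 only: who connected over RDP, and from where.
Get-WinEvent -FilterHashtable ($filter + @{ Id = 4624 }) -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'LogonType') -eq '10' } |
    Select-Object TimeCreated,
        @{ n = 'Account';       e = { Get-EventField $_ 'TargetUserName' } },
        @{ n = 'SourceAddress'; e = { Get-EventField $_ 'IpAddress' } } |
    Format-Table -AutoSize
```

A source address that appears in the failed-logon table and then in the successful-logon table deserves immediate attention.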
Zoom Bombing is a worrying new trend whereby attackers join Zoom meetings uninvited and disrupt the session.
Reported instances of Zoom Bombing have involved attackers joining meetings and proceeding to shout racist comments and harass participants; in one case, attackers shared pornographic content during a lesson hosted by a primary school.
Attackers have been managing to ‘bomb’ Zoom meetings by exploiting the fact that, until recently, Zoom’s security features were not enabled by default. This meant that anyone with a link to a meeting could join it.
The latest versions of Zoom now have the basic security features enabled by default, but users should check that the correct settings and options are used to ensure meetings are kept private and participants are managed.
For advice and guidance on how to do this, click here.