Hackers typically sneak remotely into the networks of their victims by setting up phishing scams and duping users into downloading malware-ridden files, which are then executed to commence a cyberattack like ransomware. They may also look for vulnerabilities in computer systems to attempt to get into a network. Both the WannaCry and NotPetya attacks, for example, were successful because hackers used leaked NSA exploits to infect older computer operating systems. Previously, we discussed fileless attacks, an increasingly popular method used by hackers to spread ransomware that sometimes involves exploiting the macro functionality in Microsoft Office documents. Now, it appears that another exploitable entry point has been on the rise: remote access software.
What Is Remote Access Software?
Remote access software allows a computer’s desktop environment to be run remotely on one system while being displayed on a separate client device. Many organizations find remote access software extremely useful. When it comes to coordinating operations across international offices, it provides remote access to vital company resources, helping to maximize effective use of in-house talent and facilitate closer collaboration. For a small business that outsources its IT maintenance, remote access software can prove to be extremely beneficial as well. But, as with all things tech, there is the possibility of being hacked. The most widely used remote access software uses the Remote Desktop Protocol (RDP), which, if abused, can allow hackers to tap into networks.
How Do Hackers Gain Access?
There are several ways hackers can gain access to a network remotely using this software: a lack of governance over the installation of remote access software, and weak remote access account passwords. If a company’s employees are unaware that they’ve installed remote access software on company devices, then there is potential for abuse, as it increases the risk of hackers finding a backdoor. It’s extremely important for businesses to choose a strong password for their remote access accounts. If the RDP is exposed to the Internet, a simple network engine can allow hackers to poke around the network and use various methods like brute force attacks to try to guess the password. Once inside the system, it’s only a matter of time before they acquire the access information needed to infiltrate other critical systems.
What Can Companies Do?
One of the most obvious solutions is to disable the RDP if there is no need for remote access software at the time. But if a company requires the use of this software, precautionary measures need to be taken. Because remote access software is vulnerable to hacking, it’s important for organizations to implement a policy that dictates the use of this software. A secure password for both the remote access account and the user’s network account is a must, and many experts recommend implementing 2FA or MFA as an additional measure. Furthermore, companies should also consider setting password lockout measures to restrict the number of times potential intruders can guess at the passwords, so that brute force attempts are prevented.
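To show what the brute force guessing described above looks like from the defender's side, here is an added example (not part of the original post) that scans failed-logon records for sources that hit a lockout-style threshold. The sample events are constructed, and the threshold of 5 failures in 5 minutes is an assumed value, not a recommendation from the article.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, event ID, logon type, account, source IP.
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = network logon, which is
# how failed RDP logons show up when Network Level Authentication is on
# (type 3 also covers other network logons, so treat hits as leads).
SAMPLE_EVENTS = """\
2024-03-01T02:10:01,4625,3,administrator,203.0.113.50
2024-03-01T02:10:03,4625,3,admin,203.0.113.50
2024-03-01T02:10:05,4625,3,administrator,203.0.113.50
2024-03-01T02:10:08,4625,3,backup,203.0.113.50
2024-03-01T02:10:11,4625,3,administrator,203.0.113.50
2024-03-01T02:10:15,4624,10,administrator,203.0.113.50
2024-03-01T09:00:00,4625,10,jsmith,198.51.100.7
2024-03-01T09:00:20,4624,10,jsmith,198.51.100.7
"""

def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: details} for sources that reach `threshold`
    failed logons inside a sliding `window` (both values are assumptions)."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in window
    accounts = defaultdict(set)   # ip -> every account name it has tried
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        if logon_type not in ("3", "10"):
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            accounts[ip].add(user)
            while when - q[0] > window:   # drop failures older than window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "accounts": set(), "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
                entry["accounts"] = set(accounts[ip])
        elif event_id == "4624" and ip in flagged:
            # A success right after a failure burst: a guess may have worked.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A source flagged with `success_after` set is the case to triage first, since it suggests the account password was guessed before any lockout took effect.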
Hackers are getting more and more creative in their hacking methods, and using the RDP is one way they can make their way into a company’s network. In fact, Naked Security recently reported on a growing trend of hackers spreading ransomware by accessing computer systems through the RDP. Hackers are able to secretly download and install low-level system tweaking software into a company’s server to disable anti-malware protections and lay the ground for a larger attack.