Increased Cybercriminal Activity for Small Businesses Using Remote Access Tools
Have you ever wondered how secure your business is in the face of cybercriminals? According to CERT Australia, many business owners regret not giving network security a second thought.
CERT Australia, the national computer emergency response team run by the Australian government, has recently released a warning concerning small businesses. According to them, allowing remote access to their computers and servers may create a vulnerability that can be easily exploited by cybercriminals.
Most small businesses that have been targeted by cybercriminals are running a version of Windows that supports Remote Desktop Protocol (RDP). This tool is used either by staff who work from another location, e.g. home, or by the IT team to fix issues for staff remotely. It’s a convenient solution that up until recently worked pretty well for most people (individuals or businesses). The solution is indeed quite effective, but a weak password can be easily broken with a brute force attack. The worrying part is that it doesn’t even take a skilled cybercriminal to break into your private network.
The brute force procedure is a very crude hacking process where one uses a tool to test all possible passwords. Attacks are random: the attackers scan the internet looking for IP addresses that have open ports in their firewall for remote access. Once they find a target, they run the password guessing tool, and if you use a weak password, it only takes a few minutes to break it. A complex password will take a bit longer but they will get that one too.
Once the correct password is identified, cybercriminals have free access to your network and business files without you even knowing. They can encrypt, delete, modify or make them public. So now tell me, are you comfortable knowing that someone could be browsing through your clients’ files right now?
What do cybercriminals gain out of this?
The most popular hacking method nowadays is ransomware. This means that cybercriminals are getting rich by encrypting your files and asking for a ransom in order to give you the decryption key. Simple, effective & very successful. Ransom amounts have been known to reach up to AUD$8,000. A recent report from antivirus company McAfee Labs shows that the number of detected ransomware samples doubled between 2014 and 2015. This increase is predicted to continue through 2016, with antivirus software unable to stop ransomware attacks.
To make things even more difficult, cybercriminals will also wipe your backups clean if they are connected to your business network, so you won’t be able to work around the problem. That’s why it’s important to have an offline backup (not connected to the computer/server) or a separate password to access the backup software and location.
According to CERT Australia, cybercriminal activity has intensified within the last 6 months, and Windows Remote Desktop Protocol systems are not the only ones at risk. Every server or computer that has a poor security system can be accessed with a bit of work. According to CERT Australia, cybercriminals seem to be more interested in delivering ransomware via these attacks than via email (the most popular channel up until now).
Even though all this sounds scary, there are ways to make sure you won’t be the next victim of this wave of cybercrime. The recommendations issued by CERT Australia are:
- Avoid using Windows RDP, VNC (Virtual Network Computing) or similar tools that allow a remote connection to your server when you are not protected by a VPN.
- Check your passwords and improve their strength. Also, avoid using the same password for several accounts. Change passwords regularly.
- Use a two-step authentication system for remote access to your server.
- Make sure you are keeping detailed logs. This way, in case something happens you will know where the damage is.
- Improve your backup system and make sure you are keeping a copy offline.
What we recommend
While the recommendations above should be followed to the letter, there are other ways to protect your business. For instance, it may be difficult to check whether someone has enabled Remote Desktop or VNC on the network. However, you can do a quick check by going to a website and seeing whether the relevant ports are open in your firewall, which would make your business vulnerable.
The website is //www.canyouseeme.org/. All you have to do is enter the following ports to see if they are exposed to the internet.
- RDP (Remote desktop) port number: 3389
- VNC port numbers: 5800 & 5900
When you click Check Port you will get one of two possible responses:
- Success: I can see your service on ip address on port (xx). This means you have failed the test and your ports are exposed to the internet. This is an urgent issue as you are vulnerable to this attack so have your IT fix it right away or call Onsite Helper.
- Error: I could not see your service on ip address on port (xxx). This means you are safe for now. There is still a chance that there are non-default ports open for remote access, so it is a good idea to have your firewalls reviewed for your own peace of mind.
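The website only tells you what the internet can see. To find out which of your own machines actually has Remote Desktop or VNC switched on, you can run the same kind of check from inside the office network. The script below is an added example, not part of the CERT Australia advice or an Onsite Helper tool; the function names and the example address are assumptions, and it only looks at the default ports listed above.

```python
import socket
import sys

# Default ports named in the article; services moved to other ports are not covered.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5800: "VNC", 5900: "VNC"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # something accepted the connection
    except ConnectionRefusedError:
        return "closed"      # host answered, nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable: likely firewalled
    finally:
        sock.close()


def audit(hosts, ports=REMOTE_ACCESS_PORTS, timeout=2.0):
    """Return [(host, port, service)] for every listening remote-access port."""
    findings = []
    for host in hosts:
        for port, service in ports.items():
            if probe(host, port, timeout) == "open":
                findings.append((host, port, service))
    return findings


if __name__ == "__main__":
    # Pass the addresses of your own machines, e.g. 192.168.1.10 (constructed)
    for host, port, service in audit(sys.argv[1:]):
        print(f"{host}: {service} is listening on port {port}")
```

A machine that shows up here but passes the website test is enabled for remote access yet currently shielded by the firewall, so it is one router change away from being exposed.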
However, you won’t have the time to perform this check every day, so it’s recommended that you install monitoring software on computers that sends alerts if someone is trying to break a password and log in.
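To show what such an alert looks for, here is an added example (not from CERT Australia or any particular monitoring product) that scans exported Windows logon events for a burst of failed remote logons from one address, and for a successful logon that follows it. The CSV column layout, the threshold and the sample rows are assumptions made for the illustration; event IDs 4625 and 4624 are the Windows Security log entries for failed and successful logons.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
SAMPLE_CSV = """time,event_id,logon_type,ip,user
2016-03-01T02:14:01,4625,10,203.0.113.7,administrator
2016-03-01T02:14:03,4625,10,203.0.113.7,admin
2016-03-01T02:14:05,4625,10,203.0.113.7,reception
2016-03-01T02:14:08,4625,10,203.0.113.7,administrator
2016-03-01T02:14:11,4625,10,203.0.113.7,administrator
2016-03-01T02:14:15,4624,10,203.0.113.7,administrator
2016-03-01T08:59:40,4625,10,198.51.100.20,jsmith
2016-03-01T09:00:02,4624,10,198.51.100.20,jsmith
"""

REMOTE_LOGON_TYPES = {"3", "10"}  # network (RDP with NLA) and RemoteInteractive


def detect_bruteforce(csv_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for IPs with >= threshold failed remote logons in window,
    and for any successful logon from an IP that already tripped that alert."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        ts, ip = datetime.fromisoformat(row["time"]), row["ip"]
        if row["event_id"] == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, row["time"]))
        elif row["event_id"] == "4624" and ip in flagged:
            alerts.append(("LOGIN_AFTER_BRUTE_FORCE", ip, row["time"], row["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_CSV):
        print(alert)
```

The second alert type is the urgent one: a successful logon straight after a run of failures from the same address means the password has probably been guessed. A single mistyped password, like the last two rows, raises nothing.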
It’s also a good idea to change the default passwords of your router/firewall to prevent staff or others opening up this security risk in the future.
Even if you pass the open ports test and nothing seems wrong, there are many other IT security vulnerabilities in a small business network. That’s why it is important to take our DIY audit to explore them. More here: //www.onsitehelper.com/services/it-security-audits/