Back in September we released two security solutions focused specifically on one of the key vulnerabilities that lead to ransomware and brute-force attacks – and that vulnerability is RDP. In 2019 ransomware and brute-force attacks increased by 118% according to the McAfee Labs Threat Report – and much of that access was gained by brute-force attacks to open and exposed remote access points such as RDP.
What do we mean by open/exposed RPP ports? When you enable remote functionality on a Windows server, you open its RDP ports to the outside world, specifically ports 3389, 3387, 3392. At that point, if your server is directly connected to the Internet, you are vulnerable to RDP brute-force and vulnerability attacks. While opening RDP ports to the Internet was uncommon a few years ago, in the age of cloud computing it has become the de-facto standard when creating cloud Windows instances.
Back in September our own Cameyo research revealed that the average internet-connected server faced 150K brute force-triggered password attempts per week, performed by automated bots, scripts, viruses and zombie machines. Since then, we have been using our RDPmon solution to monitor our own environment. The result?
There are (at least) 7 million reasons you should still be concerned about RDP security.
In less than 6 months, Cameyo’s RDPmon recorded 7 million RDP password attempts on our ‘honeypot’ server. That means that the average number of brute-force triggered password attempts over the past 22 weeks is over 318K attempts per week. In reality though, the increase is exponential – at first, only a few bots attempt to connect every few hours, and then as soon as they detect your RDP port as being exposed, they make more and more attempts, resulting in an exponential increase over time.
As a reminder, RDPmon is an open-source solution that provides the entire industry a free, powerful tool for monitoring attacks so that IT professionals can quickly identify and understand these threats – providing the critical data they need to mitigate the issues. The free, open-source RDPmon tool is for any organization that utilizes RDP or Citrix and wants to monitor and identify all RDP brute force attacks so that they have a complete view of what needs to be addressed in their environment. And any organization can easily download and install RDPmon for free here.
As for protecting against these attacks, that’s where Cameyo’s RDP Port Shield technology comes in. RDP Port Shield protects against brute force attacks and ransomware by automatically closing all RDP ports to the entire world, and then dynamically opening and closing them specifically to authenticated users (based on white-listed IP addresses) only when needed.
Cameyo RDP Port Shield is the first security solution capable of automatically and dynamically opening and closing RDP ports on-the-fly at the Windows Firewall level, rather than statically. Unlike other solutions that keep RDP ports open only to a pre-defined number of IPs – thereby limiting cloud and geographic flexibility – Cameyo proactively closes the RDP port at the Windows Firewall and only opens it if/when needed based on a validated user’s IP, authenticated through Cameyo’s central portal.
And the best part? RDP Port Shield is completely free for all Cameyo customers. No action is required to utilize this feature – it is active for all users of the Cameyo platform, and is included at no additional cost.
Every day there are dozens of new articles about the barriers to cloud migration, and security concerns are yet another roadblock. But it doesn’t need to be this way. By enabling every organization to easily monitor and identify RDP attacks, and by proactively protecting our customers from these RDP vulnerabilities, Cameyo is removing yet another barrier to cloud migration – all while making it simple for you to deliver all of your critical applications to any device, from the cloud.
Want to see it in action? Start your free trial today to see for yourself and to get a demo.