Mitigating RDP and VPN Vulnerabilities to Reduce Ransomware Attacks

In the wake of a long string of ransomware attacks, including those against Colonial Pipeline, JBS Meatpacking, Kaseya, and Accenture, organizations of all sizes are on high alert when it comes to cybersecurity.

But in a world where enabling hybrid & remote work is critical due to the pandemic, protecting against ransomware, brute force attacks, and malware has become increasingly difficult. And the primary culprit in these situations is remote desktop protocol (RDP), which many organizations are using to enable remote access for their employees’ endpoints.

The problem is that existing remote access technologies (Microsoft RDP, Citrix, etc.) were born in an era of implicit trust where users are either all the way in, or all the way out. These technologies require organizations to either open up ports in their firewall to give people access, or to put everything behind a VPN. Both scenarios introduce significant security risks. 

This is why we’ve developed a new technology we call Secure Cloud Tunneling that uniquely solves this problem by enabling organizations to utilize Cameyo for secure application delivery outside of the VPN, without opening any ports in their firewall. Cameyo’s Secure Cloud Tunneling expands upon our native Zero Trust security architecture and provides the most secure access to business-critical applications on any device while reducing the attack surface for any organization with remote & hybrid workers.   

Our goal with Secure Cloud Tunneling is to help bridge the gap between the competing needs of today’s IT and security teams. IT teams are dealing with constant and rapid change, and they need solutions that enable them to be nimble in dealing with those changes. Security teams, on the other hand, need to be more methodical than ever to ensure that remote & hybrid workers are just as secure from ransomware attacks outside the corporate network as they are inside it.

Secure Cloud Tunneling provides the best of both worlds, giving IT teams the ability to be flexible without requiring any compromises in cybersecurity. Organizations can now securely deliver all of their applications – legacy Windows, internal, and SaaS – to any device without introducing a new attack vector that can be exploited by cybercriminals and threat actors.  

Helping Protect Against the Surge in Ransomware Attacks

Cybersecurity firm Kaspersky reports that from 2019 to 2020 there was a 767% increase in ransomware attacks, while Check Point’s 2021 Cyber Attack Trends mid-year report shows another 93% increase from those elevated numbers in the first six months of 2021. And research from Palo Alto Networks shows that Remote Desktop Protocol (RDP) has been the primary attack vector in 50% of all ransomware attacks since 2018.

Cameyo’s Approach to Native Zero Trust Security

Here at Cameyo we believe that for a solution to provide true Zero Trust security, Zero Trust must be foundational and systemic. Our platform was designed from day one as a native Zero Trust system where all security capabilities are baked into the core of the platform, never treated as an additional or optional layer.

In addition to the new Secure Cloud Tunneling capabilities announced today and our existing NoVPN and Port Shield technologies, our single Zero Trust security architecture includes:

  • Device Access Control – Cameyo never trusts any device (even managed devices) because those devices can be compromised. Cameyo gives users secure access to the apps they need to be productive while providing complete isolation between devices and their organization’s network/data. 
  • Segmentation – Even once users are in a session, Cameyo segments that session from customers’ networks and data to ensure ongoing separation. 
  • Prevention of Lateral Movement – Even in the case where a device has ransomware or malware, that malware cannot reach the customer organization’s network/data, nor can malware on their systems reach the Cameyo system. 
  • Always-On Monitoring & Validation – Cameyo utilizes non-persistent servers, so all customer user data is wiped from the Cameyo server every time the user logs out. 
  • Least Privilege – With Cameyo all traffic is encrypted and apps are delivered from a secure HTML5 browser, separating the user’s device from the corporate network and eliminating the need for VPNs. Cameyo also utilizes Windows Terminal Services and temporary user profiles, ensuring users are unable to access admin privileges, settings, and files.
  • Identity & Access Management – Cameyo integrates with the customer’s Single Sign-On (SSO) provider of choice, and the Multi-Factor Authentication (MFA) they have set up with their SSO applies to Cameyo.

Whether you’re concerned about phishing, backdoors, antivirus/malware issues, RDP attacks, brute force attacks, data breaches, or, likely, all of the above, it’s clear that hybrid work requires a complete revamp of how we think about and approach security. With the shortcomings of past and current solutions in mind, here are some things to consider going forward:

  • Limit your attack surface: The more moving parts a solution has, the more potential points of exploitation it offers to rogue actors. Organizations, regardless of their size or sophistication, need solutions that eliminate the need for additional gateways and appliances that can inadvertently become security risks.
  • Control your ports: Many remote technologies leave RDP ports open by default, which leaves your network vulnerable to brute force attacks. Your remote and hybrid work solutions should help lock down your ports by design, not haphazardly leave them open.
  • Eliminate VPNs: VPNs simply create a secure tunnel between a user’s device and the corporate network. That model is based on implicit trust of the user. But if that user is on a personal device that’s riddled with malware, VPNs become a liability as they enable the user’s infected machine to access your corporate network and data.
  • Keep it clean: When your remote and hybrid employees are using remote technologies to access their apps and files, their user data must be deleted from the server every time they log out. That way, in the unlikely event that the secure browser is compromised, the hacker only has fleeting access to the user’s session.

To learn more or to see for yourself how Cameyo can help you meet your Zero Trust security goals while enabling ultra-secure remote & hybrid work, schedule a demo or get started with a free trial.

ISO 27001 Certification

In addition to today’s product news, we’re also announcing that we’ve achieved ISO 27001 Certification, the world’s most prestigious Information Security Management System (ISMS) certification. Cameyo’s ISO Certification was achieved after an extensive third-party audit and evaluation of our platform confirmed that Cameyo meets the highest standards when it comes to establishing, implementing, maintaining, and improving its information security at all levels. Maintaining ISO 27001 certification requires an ongoing audit cycle that will ensure Cameyo’s Information Security Management System continues to meet the highest standards.
