Computers at educational institutions might contain personal information about students that would be valuable to an attacker. The extended network might include financial data that could be sold or ransomed. Breaching the target computer could grant an attacker access to both data troves, increasing the reward for a successful attack.
A successful breach of a remote desktop system would also allow an attacker to use the target computer or network for nefarious purposes, such as installing malware or using many compromised machines to launch distributed denial-of-service attacks, in which the attacker overwhelms a server with internet traffic to prevent users from accessing online services and sites.
Cyberattackers Can Breach Networks Via Remote Desktops
Computers used for distance learning are especially rich targets because their security can vary considerably and they may not be updated regularly with patches. Some may also be misconfigured, leaving attack surfaces open for a breach. An attacker doesn’t need to breach the institution’s entire network directly, just one computer attached to it that has access to the network.
A significant number of attacks on remote desktop software target weak or reused passwords. While an attacker attempting to brute-force a weak password can be easy to spot, testing out a few already breached passwords for reuse might make them appear to be a normal user who mistyped their password. Virtual network computing (VNC) is highly susceptible since some variations have an eight-character password limit, making it difficult to create strong passwords and relatively easy to carry out brute-force attacks. VNC is also one of the most popular solutions, making it the low-hanging fruit for large attacks.
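The contrast between loud brute-forcing and quiet password-reuse testing can be turned into a detection rule. The following is an added example, not code from the original article: it correlates failed logons by source address over constructed sample events, and the log format, thresholds and labels are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one per line: "ISO-time source-ip username result"
SAMPLE_LOG = "\n".join(
    [f"2024-03-04T09:00:{s:02d} 198.51.100.7 bob FAIL" for s in range(12)]
    + [f"2024-03-04T10:{m:02d}:00 203.0.113.10 {u} FAIL"
       for m, u in [(0, "alice"), (4, "carol"), (9, "dave"),
                    (13, "alice"), (20, "carol"), (26, "dave")]]
    + ["2024-03-04T11:00:00 192.0.2.25 alice FAIL",   # ordinary typo, then success
       "2024-03-04T11:00:20 192.0.2.25 alice FAIL",
       "2024-03-04T11:00:41 192.0.2.25 alice OK"]
)

# Assumed thresholds; tune them against a site's normal failure rate.
WINDOW = timedelta(minutes=30)
BRUTE_FAILS = 10       # failures against one account inside the window
MULTI_ACCOUNTS = 3     # distinct accounts failed from one source
MAX_PER_ACCOUNT = 3    # each account alone still looks like a typo

def parse(log):
    """Yield (timestamp, source, user, result) from the assumed log format."""
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def classify(log):
    """Return {source_ip: label} for sources whose failures look suspicious."""
    fails = defaultdict(list)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            fails[src].append((ts, user))
    findings = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1                      # slide the window forward
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if max(per_user.values()) >= BRUTE_FAILS:
                findings[src] = "brute-force"   # loud: many tries on one account
                break
            if len(per_user) >= MULTI_ACCOUNTS and max(per_user.values()) <= MAX_PER_ACCOUNT:
                findings[src] = "possible-credential-reuse"  # quiet: few tries, many accounts
    return findings

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Sources behind shared NAT can trip the multi-account rule, so treat that label as a lead for review rather than a verdict.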
Microsoft’s Remote Desktop Protocol (RDP), the most commonly used protocol for remote desktop software, is installed (but disabled) by default on Windows. That makes it a significant target, and it can also be enabled by an attacker during another attack, or a user can be tricked into enabling it through vishing attacks. Around 15% of attacks we observed against RDP used an obsolete cookie, which we believe enables bad actors to identify older, more vulnerable software versions. This would enable attackers to seek out only systems for which known vulnerabilities exist rather than expending effort on systems which may be more secure.
How to Secure Your Remote Desktop System
There are simple ways to secure your computers and networks against these threats. Since attackers often target weakly secured or unsecured endpoints, enhancing the security of those endpoints can repel them. Deciding on one solution rather than allowing everyone to choose their own can also assist with securing against and monitoring for potential attacks.
One of the easiest ways to secure your system is to use strong, unique passwords and multifactor authentication (MFA). A unique password ensures that even if your password gets stolen from another site or service, a thief can’t use it to breach another network. MFA uses an email address, phone number, or authenticator app in addition to a password, requiring additional steps from users when logging in and thus potentially mitigating attacks against credentials alone.
Security vulnerabilities are identified and patched regularly. Once a patch is released, the flaw is fixed in the patched version, but it is also known to attackers as being present in older versions of the software. This makes it important to regularly update your software with the latest patches and fixes.
Another way to protect your data is to section off what is accessible by whom. You don’t have to grant remote students access to an entire network, only the specific resources they need. This makes it harder for attackers to gain access to sensitive data or move laterally when a system is compromised.
Even the best security will fail if users give someone their credentials or fall victim to phishing attacks. It’s important to educate users about proper personal cybersecurity practices. Focus on storing passwords securely, not sharing them with anyone, and knowing how to spot and report phishing.
Finally, having a reliable security monitoring solution in place with a reputable vendor and incident response — whether internally or through the vendor — is crucial. No security solution is 100% effective, so having security professionals that can identify and respond to attacks if and when they happen is key to stopping attackers before they can cause damage and steal data.