As COVID-19 continues to wreak havoc globally, companies are keeping their employees at home. To ensure compliance and stay atop security standards, teleworkers have to patch into their company’s infrastructure using the Remote Desktop Protocol (RDP) and virtual private networks (VPNs). But not everyone uses these solutions securely.
Research by the folks behind Shodan, the search engine for Internet-connected devices, reveals that IT departments globally are exposing their organizations to risk as more companies go remote due to COVID-19.
“The Remote Desktop Protocol (RDP) is a common way for Windows users to remotely manage their workstation or server. However, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA),” writes Shodan creator John Matherly.
After pulling new data regarding devices exposed via RDP and VPN, Matherly found that the number of devices exposing RDP to the Internet on standard ports jumped more than 40 percent over the past month to 3,389. In an attempt to foil hackers, IT administrators sometimes put an insecure service on a non-standard port (aka security by obscurity), Matherly notes. But this number too has climbed, by around 37 percent, over the same period. With the growing number of cyber-attacks capitalizing on COVID-19 and remote workers, cybercriminals undoubtedly know all too well where, when and how to hit.
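One way for an administrator to check a single Windows host against the advice quoted above, as an added example that is not code from Shodan or the original article. It assumes an elevated PowerShell session and reads local settings only; the `Test-PortMatch` helper and the summary field names are hypothetical.

```powershell
# Added example: audit this host's own RDP exposure (elevated session assumed).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# The listener port is read from the registry, so an RDP service that was
# moved off the default port (3389) is audited on the port it really uses.
$rdpPort    = [int](Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nlaOn      = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

# Hypothetical helper: does a rule's LocalPort list (single ports or ranges) cover $Port?
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false
}

# Enabled inbound allow rules that reach the RDP port from any remote address,
# i.e. rules with no source allow-list in front of the service.
$openRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf  = $_ | Get-NetFirewallPortFilter
        $af  = $_ | Get-NetFirewallAddressFilter
        $app = $_ | Get-NetFirewallApplicationFilter
        $tcpRule = $pf.Protocol -in 'TCP', 'Any'
        # An "any port" rule only counts when it is not tied to one program.
        $anyPort = ($pf.LocalPort -contains 'Any') -and ($app.Program -eq 'Any')
        $covers  = $anyPort -or (Test-PortMatch -LocalPort $pf.LocalPort -Port $rdpPort)
        if ($tcpRule -and $covers -and ($af.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                LocalPort = $pf.LocalPort -join ','
            }
        }
    }

[pscustomobject]@{
    RdpEnabled             = $rdpEnabled
    RdpPort                = $rdpPort
    NonStandardPort        = $rdpPort -ne 3389
    NlaRequired            = $nlaOn
    UnrestrictedAllowRules = @($openRules).Count
}
$openRules | Format-Table -AutoSize
```

A non-zero `UnrestrictedAllowRules` count with `RdpEnabled` true means the host firewall places no source restriction in front of RDP, whatever port it listens on; perimeter firewalls and Group Policy overrides are outside what this check sees.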
Furthermore, the number of servers running VPN protocols on different ports has jumped by a third, from nearly 7.5 million to nearly 10 million. One such protocol is the Point-to-Point Tunneling Protocol (PPTP), an obsolete method for implementing virtual private networks that’s riddled with known security issues. The known vulnerabilities relate to the underlying PPP authentication protocols used, as well as the design of the MPPE protocol and the integration between MPPE and PPP authentication for session key establishment.
Another worrying find is the increase in exposure of industrial control systems (ICS), which typically keep critical infrastructure running across the globe. Hackers exploiting a vulnerability in ICS applications can cause dire consequences for cities and indeed entire nations.