Resources

GCHQ warns that RDP and VPN are now the largest ransomware vulnerabilities

Written by Will Shaw | Mar 14, 2022 9:52:34 AM

The NCSC’s 2021 review acknowledged the COVID-19 fuelled global shift in business and government towards further digitisation and digitalisation, effectively moving to online and cloud solutions, whilst solving many problems, also caused many headaches.

The shift effectively created an increased surface area available for attack, which was exploited by both hostile states and cyber criminals alike, with ransomware being the attack of choice in the majority of cases.
To quote the NCSC, “VPN vulnerabilities: Since 2019, multiple vulnerabilities have been disclosed in a number of VPN appliances (for example Citrix, Fortinet, Pulse Secure and Palo Alto). Ransomware actors exploit these vulnerabilities to gain initial access to targeted networks.” The short version is that VPN really is not the last word in security.

To quote the NCSC again, “Remote Desktop Protocol (RDP) remains the most common attack vector used by threat actors to gain access to networks. RDP is one of the main protocols used for remote desktop sessions, enabling employees to access their office desktop computers or servers from another device over the internet. Insecure RDP configurations are frequently used by ransomware attackers to gain initial access to victims’ devices.” RDP can be a great solution to many requirements, but time and time again it is being demonstrated to be lacking in adequate security.

Panic not though! Awingu to the rescue! If you have an RDP solution, you know that it is probably not going remain secure, Awingu can help. The Awingu system uses HTTPS/HTML5, working in a browser, rather than using the RDP protocol. MFA is added and only port 443 is required.

The short version is Stop exposing RDP in the open. Add Awingu in front.