The number of ransomware attacks using RDP as the attack vector has increased sharply during the COVID lockdown.
As the number of staff working remotely exploded during the COVID lockdown, criminals were quick to respond by targeting Remote Desktop Protocol services with ransomware. For example, Group-IB recently reported that the Dharma ransomware-as-a-service was being used by obviously inexperienced ‘hackers’ operating out of Iran to target companies in Asia.
The primary attack vector for ransomware into businesses is either malware-laden email or RDP, depending on the target company size and on whether the research comes from a vendor hawking email protection or RDP protection. However, security managers need to address both attack vectors, as between them they account for over 90% of all attacks, according to a report from Coveware.
Along with the increase in targeting RDP has come an understandable focus on the vulnerability of the VPN tools that protect those RDP connections, for example the Pulse Secure VPN vulnerability (CVE-2019-11510). This makes it critically important to ensure security appliances and VPN endpoints are patched promptly each month.