Last week the FBI sent out a Private Industry Notification (PIN) alert to all K-12 schools warning them that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning." (via ZDnet)
And why is this increase in attacks happening? It all comes down to Remote Desktop Protocol (RDP) vulnerabilities. According to the latest McAfee Labs Threat Report, ransomware and brute-force attacks via RDP increased by 118% in 2019. And as the latest FBI warning illustrates, these threats continue to grow.
The primary cause of these vulnerabilities are open/exposed RDP ports. Especially during this pandemic, more schools are opening up their infrastructure to enable remote connections, and they are usually doing that via RDP.
When you enable remote functionality on a Windows server, you open its RDP ports to the outside world, specifically ports 3389, 3387, 3392. From there, if your server is directly connected to the Internet, you are vulnerable to RDP brute-force and vulnerability attacks. While opening RDP ports to the Internet was fairly uncommon a few years ago, in the age of enabling remote access it has become the de-facto standard when creating cloud Windows instances.
Especially in the COVID-19 era where schools need to enable distance learning, you need to deliver uninterrupted access to legacy Windows apps so that your faculty and students can still be productive from anywhere, on any device. But this does NOT mean that doing so needs to leave your network in a compromised state.
Cameyo knows that you need to balance the productivity benefits of remote learning with the ability to ensure security. This is why our Digital Workspace solution was built to deliver all legacy Windows and internal web apps to any device while also protecting against the RDP vulnerabilities that lead to brute force and ransomware attacks.
RDP Port Shield
Cameyo’s RDP Port Shield protects against brute force attacks and ransomware by automatically closing all RDP ports to the entire world, and then dynamically opening and closing them specifically to authenticated users (based on white-listed IP addresses) only when needed.
Cameyo RDP Port Shield is the first security solution capable of automatically and dynamically opening and closing RDP ports on-the-fly at the Windows Firewall level, rather than statically. Unlike other solutions that keep RDP ports open only to a pre-defined number of IPs - thereby limiting cloud and geographic flexibility - Cameyo proactively closes the RDP port at the Windows Firewall and only opens it if/when needed based on a validated user's IP, authenticated through Cameyo's central portal.
RDPmon is an open-source solution that provides you with a free, powerful tool for monitoring attacks so you can quickly identify and understand these threats - providing the critical data you need to mitigate the issues. The free, open-source RDPmon tool is for any organization that utilizes RDP or Citrix and wants to monitor and identify all RDP brute force attacks so that they have a complete view of what needs to be addressed in their environment.
Digital Workspaces and the ability to deliver any application to any student/teacher have become critical in the age of distance learning. But schools also need to ensure that they’re not trading security for remote access. If your school or district needs help ensuring access to all of the critical applications students and staff need from anywhere, on any device - while also protecting against the rise in RDP attacks - Cameyo can help.