Cameyo Blog

  

Protecting Against the Spike in Remote Work-Focused Ransomware

August 25, 2020
By Robb Henshaw

A recent post from Catalin Cimpanu (@campuscodi) at ZDNet cites two separate reports, both of which highlight that ransomware attacks are at an all-time high as ransomware groups target remote workers.

According to two recent reports from Coveware and Emsisoft, even though there have been highly public attacks targeting unpatched Citrix servers and Pulse Secure VPN servers, the #1 cause of ransomware attacks is still compromised Remote Desktop Protocol (RDP) endpoints. Both reports list RDP as the most popular intrusion vector thus far in 2020.

ZDNet does a good job of pointing out that it is not accurate to say that RDP is the top ransomware vector just because of remote work. RDP has been a top attack vector for a couple of years now - but the rise in remote work does exacerbate the problem.

In fact, here at Cameyo, we see RDP risks and VPN issues as the one-two punch that is driving the spike in remote work-focused ransomware attacks.  

A 2019 McAfee Labs Threat Report revealed that exposed and unsecured RDP ports were the primary reason for the 118% increase in ransomware in the first quarter of 2019 alone. So most organizations were already aware that remote workspace solutions that left RDP ports unsecured were a major risk. 

But when the pandemic hit, companies needed to quickly enable people to work from home while maintaining access to their applications and files, so many organizations simply started putting remote & virtual desktop solutions behind a corporate VPN for an added layer of security. But there are several key issues with this approach:

  • VPNs Are Also a Security Issue - As the ZDNet article highlights, VPNs have become the next primary attack vector in 2020. This is partly due to the fact that so many severe vulnerabilities in VPN appliances have been disclosed by Pulse Secure, Palo Alto Networks, Fortinet, Citrix, F5 and more.
  • Compounding the Issue - By utilizing VPNs to try and secure virtual desktop technologies with unsecured RDP ports you could actually be increasing the threat surface, rather than reducing it. By forcing remote employees to connect to your company’s internal network via VPN, you’re simply introducing personal devices (or corporate-owned devices that may have been exposed to something on a home network) to your environment, putting your entire corporate network at risk. Add this to the fact that home networks are easier targets for hackers than enterprise networks.
  • The User Experience Degrades Productivity - In addition to the compounded security concerns, having employees first connect to a VPN and then connect to a virtual desktop solution results in a terrible user experience. This isn’t ideal from a security OR a productivity perspective.  

Ultimately, the issues with RDP and VPNs highlight once again the fact that utilizing remote & virtual desktop solutions with unsecured RDP ports for enabling remote work is not only overkill when trying to make your people more productive, but it can actively increase risk. And by trying to compensate with VPNs, you may inadvertently exacerbate the issue and increase the attack surface.   

Cameyo was built from day one with security at the foundation of our Digital Workspace platform. With Cameyo’s approach to virtual application delivery, we reduce your attack surface through a combination of our RDP Port Shield and NoVPN capabilities. This approach enables you to give your people access to their critical applications within the corporate firewall but without the need for VPNs, and with the only platform that dynamically opens and closes ports as needed to give only authenticated users access to the applications and resources they need. 

Let’s dig in a little deeper on each of these technologies and how they address the concerns related to both RDP and VPNs. 

RDP Port Shield

Cameyo’s RDP Port Shield is a unique tool for protecting against brute force attacks and ransomware. It automatically closes all RDP ports to the entire world, and then dynamically opens and closes them specifically to authenticated users (based on white-listed IP addresses) only when needed. 

To date, Cameyo RDP Port Shield is the first security solution capable of automatically and dynamically opening and closing RDP ports on-the-fly at the Windows Firewall level, rather than statically. Unlike other solutions that keep RDP ports open only to a pre-defined number of IPs - thereby limiting cloud and geographic flexibility - Cameyo proactively closes the RDP port at the Windows Firewall and only opens it if/when needed based on a validated user's IP, authenticated through Cameyo's central portal.
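The condition this section is about, an RDP port that the Windows Firewall leaves open to every source address, can be audited on any Windows host with the built-in NetSecurity cmdlets. The script below is an added example, not Cameyo's code or part of the original post; the function names `Test-PortInSpec` and `Get-RdpFirewallExposure` are hypothetical, and it assumes RDP listens on its default port 3389.

```powershell
# Added example (not vendor code): list enabled inbound allow rules that cover
# the RDP port and flag those whose remote-address scope is unrestricted.

function Test-PortInSpec {
    # True when $Port is covered by a LocalPort value such as 'Any', '3389' or '3000-4000'.
    param([string[]]$Spec, [int]$Port)
    foreach ($item in $Spec) {
        if ($item -eq 'Any') { return $true }
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($item -match '^\d+$' -and [int]$item -eq $Port) { return $true }
    }
    return $false
}

function Get-RdpFirewallExposure {
    param([int]$Port = 3389)   # assumption: RDP listens on its default port
    # ActiveStore is the effective policy, including rules delivered by Group Policy.
    Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $portFilter = $_ | Get-NetFirewallPortFilter
            $addrFilter = $_ | Get-NetFirewallAddressFilter
            $protoMatch = $portFilter.Protocol -in @('TCP', 'UDP', 'Any')
            if ($protoMatch -and (Test-PortInSpec -Spec $portFilter.LocalPort -Port $Port)) {
                [pscustomobject]@{
                    DisplayName   = $_.DisplayName
                    Profile       = $_.Profile
                    Protocol      = $portFilter.Protocol
                    RemoteAddress = @($addrFilter.RemoteAddress) -join ','
                    OpenToAny     = @($addrFilter.RemoteAddress) -contains 'Any'
                }
            }
        }
}

# Rules with OpenToAny = True accept RDP connections from every source address.
Get-RdpFirewallExposure | Sort-Object OpenToAny -Descending | Format-Table -AutoSize
```

The check covers only the host's Windows Firewall; a perimeter firewall or cloud security group in front of the server needs its own review.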

Cameyo NoVPN

Cameyo NoVPN simply gives remote workers access to a browser behind the firewall, so they can easily access their company’s internally-hosted web apps via Chrome or any HTML5 browser, but with the added security of accessing those from behind the corporate firewall. NoVPN utilizes Cameyo’s Self-Hosted service, which can be installed in minutes on any Windows Server 2016 or 2019 without extra components or prerequisites. Once installed, the IT admin simply generates a NoVPN URL from their new server’s page in Cameyo’s cloud portal. Remote workers can then access the company’s web apps from this URL (or set a shortcut on their desktop), just as they would if they were within the corporate network. The result is a seamless user experience without the connectivity or network performance issues that are common to VPNs.

With Cameyo NoVPN, organizations benefit from:

  • Increased Security - By separating remote workers’ personal devices from the corporate network while still giving them access to the applications they need, Cameyo NoVPN eliminates the risk of people’s devices infecting the network. 
  • Improved Productivity - By eliminating the frustrations people experience with VPNs, Cameyo NoVPN enables remote workers to be far more productive without lag or disruptions to connectivity.
  • Better User Experience - Cameyo NoVPN doesn’t require the user to install anything or change their behavior in any way, providing a seamless user experience.

Especially as most organizations move from a mindset of temporary remote work to this becoming a longer-term situation for most (and a permanent situation for some) - it’s time to rethink your approach to security to ensure that it is taking into consideration the explosion of ransomware and the role that RDP and VPNs play in that security risk. It is critical that you implement solutions that can reduce your overall attack surface, but do so in a way that doesn’t decimate your people’s productivity. 

Cameyo’s secure Digital Workspace solution enables you to provide access to all of the business-critical Windows and internal web applications your people need to stay productive - regardless of where they are or what device they are using - without the need for VPNs. And it does so with our innovative Port Shield technology at the core, securing the RDP ports that many remote & virtual desktop solutions leave wide open. 

If you’re looking for a solution that can help you enable remote work while reducing your attack surface and reducing the cost of your existing remote technologies, get started with your free trial of Cameyo now and we’ll show you how you can get started in minutes.
