2019 has seen a dramatic increase in ransomware and brute-force attacks, with the latest McAfee Labs Threat Report revealing that ransomware increased by 118% in the first quarter of 2019. That access is increasingly being gained via brute-force attacks to open and exposed remote access points such as RDP.
As soon as you enable remote functionality on a Windows server, you open its RDP ports to the outside world, specifically ports 3389, 3387, 3392. So, if your server is directly connected to the Internet, you are vulnerable to RDP brute-force and vulnerability attacks. Cameyo’s own research into brute force attacks revealed that the average internet-connected server currently faces 150K brute force-triggered password attempts per week, performed by automated bots, scripts, viruses and zombie machines. And RDP exploits are also part of the broader security equation, with vulnerabilities such as BlueKeep.
Let’s face it - there are already enough barriers on the road to cloud migration for most organizations. And now, fear of increased security risks (due to open RDP ports) is yet another one to keep you up at night. But if you need to deliver uninterrupted access to legacy Windows apps so that your people can still be productive from the cloud - virtual application delivery is a necessity.
So how do you balance the need to enable and maintain productivity throughout (and after) a cloud migration with the need to ensure the highest level of security for your organization’s data?
This is why Cameyo today introduced two powerful new security technologies to help identify and combat these RDP-based attacks.
To proactively protect our customers from RDP brute force and ransomware attacks, we have launched a new security service, Cameyo RDP Port Shield. And to help every organization better monitor and identify the brute force attacks in their environment, we have released a free, open-source tool called RDPmon.
RDP Port Shield
Cameyo’s RDP Port Shield prevents is a unique new tool for protecting against brute force attacks and ransomware. It automatically closes all RDP ports to the entire world, and then dynamically opens and closes them specifically to authenticated users (based on white-listed IP addresses) only when needed.
To date, Cameyo RDP Port Shield is the first security solution capable of automatically and dynamically opening and closing RDP ports on-the-fly at the Windows Firewall level, rather than statically. Unlike other solutions that keep RDP ports open only to a pre-defined number of IPs - thereby limiting cloud and geographic flexibility - Cameyo proactively closes the RDP port at the Windows Firewall and only opens it if/when needed based on a validated user's IP, authenticated through Cameyo's central portal.
You might be asking how much this new security service will cost, and when you’ll be able to take advantage of it. But Cameyo customers are not required to take any action in order to utilize this new feature - it is now active for all users of the Cameyo platform, and is included at no additional cost.
RDPmon is an open-source solution that provides the entire industry a free, powerful tool for monitoring attacks so that IT professionals can quickly identify and understand these threats - providing the critical data they need to mitigate the issues. The free, open-source RDPmon tool is for any organization that utilizes RDP or Citrix and wants to monitor and identify all RDP brute force attacks so that they have a complete view of what needs to be addressed in their environment.
Any organization can easily download and install the open-source RDPmon on an RDS/cloud server for free from Cameyo's site.
After a quick guided configuration, IT admins will be provided with two views:
- A tab showing the total number of attempted connections to their servers
- A tab that identifies the applications that are in use on each server, the number of people using RDP, and the programs being utilized by each user
RDPmon will also provide insight into unintentional/non-approved software in use on the server. All information collected by RDPmon remains completely private as it remains on-premise in the user's environment - Cameyo cannot access any data.
By enabling every organization to easily monitor and identify RDP attacks, and by proactively protecting our customers from these RDP vulnerabilities, Cameyo is removing yet another barrier to cloud migration by identifying and reducing the threat of brute force and ransomware attacks.
Have any questions or feedback? Let us know!