Increased Cybercriminal Activity For Small Businesses Using Remote Access Tools

What do cybercriminals gain out of this?
The most popular hacking method nowadays is ransomware. This means that cybercriminals are getting rich by encrypting your files and asking for a ransom in order to give you the decryption key. Simple, effective and very successful. Ransom amounts have been known to reach up to AUD$8,000. A recent report from antivirus company McAfee Labs shows that the amount of detected ransomware doubled between 2014 and 2015. This increase is predicted to continue through 2016, with antivirus software unable to stop ransomware attacks.
To make things even more difficult, cybercriminals will also wipe your backups clean if they are connected to your business network, so you won’t be able to work around the problem. That’s why it’s important to have an offline backup (not connected to the computer/server) or a separate password to access the backup software and location.
According to CERT Australia, cybercriminal activity has intensified within the last 6 months, and Windows Remote Desktop Protocol systems are not the only ones at risk. Every server or computer that has a poor security system can be accessed with a bit of work. According to CERT Australia, cybercriminals seem to be more interested in delivering ransomware through these attacks than through email (the most popular channel up until now).
Stay safe
Even though all this sounds scary, there are ways to make sure you won’t be the next victim of this wave of cybercrime. The recommendations issued by CERT Australia are:
- Avoid using Windows RDP, VNC (Virtual Network Computing) or similar tools that give you a remote connection to your server unless you are protected by a VPN.
- Check your passwords and improve their strength. Also, avoid using the same password for several accounts. Change passwords regularly.
- Use a two-step authentication system for remote access to your server.
- Make sure you are keeping detailed logs. This way, in case something happens, you will know where the damage is.
- Improve your backup system and make sure you are keeping a copy offline.
What we recommend
While the recommendations above should be followed to the letter, there are other ways to protect your business. For instance, it may be difficult to check whether someone has enabled Remote Desktop or VNC on the network. However, you can do a quick check by going to a website to see whether the ports that make your business vulnerable are open in your firewall. The website is //www.canyouseeme.org/. All you have to do is enter the following ports to see if they are exposed to the internet.
- RDP (Remote desktop) port number: 3389
- VNC port numbers: 5800 & 5900
- Success: I can see your service on ip address on port (xx). This means you have failed the test and your ports are exposed to the internet. This is an urgent issue, as you are vulnerable to this attack, so have your IT fix it right away or call Onsite Helper.
- Error: I could not see your service on ip address on port (xxx). This means you are safe for now. There is still a chance that there are non-default ports open for remote access, so it is a good idea to have your firewalls reviewed for your own peace of mind.
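
The same check can be scripted so it is repeatable. The Python sketch below is an added example, not part of the original article or the website's code; it goes slightly beyond the manual test by separating "closed" from "filtered" and by accepting extra ports for the non-default case mentioned above. The names `probe` and `check_exposure` are illustrative, and it assumes you run it from a machine outside your network against your own public IP address.

```python
import socket

# Ports named in the article: RDP 3389, VNC 5800 and 5900.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5800: "VNC", 5900: "VNC"}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a service is reachable
    except ConnectionRefusedError:
        return "closed"      # host answered, but nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable: likely dropped by a firewall
    finally:
        sock.close()


def check_exposure(host, extra_ports=None, timeout=3.0):
    """Probe the article's ports plus any non-default ports you suspect.

    Returns {port: (service, state, verdict)}. The verdict is "EXPOSED"
    when the port is open (the website's "Success" result) and
    "not visible" otherwise (the website's "Error" result).
    """
    ports = dict(REMOTE_ACCESS_PORTS)
    for p in extra_ports or ():
        ports.setdefault(p, "custom")
    report = {}
    for port, service in sorted(ports.items()):
        state = probe(host, port, timeout)
        verdict = "EXPOSED" if state == "open" else "not visible"
        report[port] = (service, state, verdict)
    return report


if __name__ == "__main__":
    import sys
    # Pass your own public IP address; 127.0.0.1 is only a harmless default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (service, state, verdict) in check_exposure(target).items():
        print(f"{port:>5} {service:<6} {state:<8} {verdict}")
```

A result run from inside the office only shows what is listening on the machine, not what the firewall lets through, so the outside vantage point matters.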