November 21, 2017 By Douglas Bonderud 2 min read

Small businesses are prime targets for malware. According to eSecurity Planet, small and midsized businesses (SMBs) lost $75 billion to ransomware attacks last year. These businesses are also caught in the crosshairs for new and evolving malware strains, since they often lack the IT staff and security controls necessary to detect and combat threats.

Ransomware Attacks Target SMBs

According to Naked Security, the largest company targeted by recent remote desktop protocol (RDP) attacks had 120 people and the smallest had fewer than 30. The attack methodology wasn’t exactly complex: Cybercriminals used publicly available tools to scan for internet-facing remote desktop ports. They then leveraged commonly used passwords to crack weak security and gain access.

Once behind IT defenses, attackers made their own admin accounts to ensure that backup access points were still available even if IT staff closed the initial security loopholes. Then it was just a matter of installing software to tweak antimalware applications and elevating privileges using known vulnerabilities before the cybercriminals deployed ransomware attacks and demanded one bitcoin in payment.

Good News and Bad News

The good news? Attackers haven’t seen much profit. The not-so-good news? RDP attacks remain a huge problem for companies — and SMBs in particular.

Consider the recent attacks: Cybercriminals needed zero finesse and barely any effort to crack stock-permission RDP access points and create persistent admin accounts. This gave them the time and space to adjust system settings and prime networks for malware delivery, all while SMB owners and staff were blissfully unaware.

RDP attacks aren’t a new thing; enterprises have been enduring them for years. However, SMBs are especially vulnerable to these attacks because their security staff are often juggling multiple jobs. Rather than focusing purely on security, these teams tend to spend most of their time trying to keep IT up and running. This gives cybercriminals the ideal opening.

All Is Not Lost

The better news? It’s not impossible to prevent RDP attacks. The easiest way to avoid an attack is to shut this service down. Unless SMBs have remote workers using RDP connections daily, the insecurity of stock permissions on internet-facing ports puts companies at risk.

If your business regularly requires RDPs, start by changing the passwords and then watch all admin accounts. If something doesn’t seem right, it’s probably not. It’s better to suspend remote desktop access than to fall victim to a ransomware infection.

Malware-makers love SMBs, and RDP ransomware attacks are often a perfect match for low-motivation cybercriminals looking for an easy mark. Make it harder for cyberattackers by changing passwords right now, monitoring admin accounts and being prepared to shut down RDP on demand.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today