Small businesses are prime targets for malware. According to eSecurity Planet, small and midsized businesses (SMBs) lost $75 billion to ransomware attacks last year. These businesses are also caught in the crosshairs for new and evolving malware strains, since they often lack the IT staff and security controls necessary to detect and combat threats.

Ransomware Attacks Target SMBs

According to Naked Security, the largest company targeted by recent remote desktop protocol (RDP) attacks had 120 people and the smallest had fewer than 30. The attack methodology wasn’t exactly complex: Cybercriminals used publicly available tools to scan for internet-facing remote desktop ports. They then leveraged commonly used passwords to crack weak security and gain access.

Once behind IT defenses, attackers made their own admin accounts to ensure that backup access points were still available even if IT staff closed the initial security loopholes. Then it was just a matter of installing software to tweak antimalware applications and elevating privileges using known vulnerabilities before the cybercriminals deployed ransomware attacks and demanded one bitcoin in payment.

Good News and Bad News

The good news? Attackers haven’t seen much profit. The not-so-good news? RDP attacks remain a huge problem for companies — and SMBs in particular.

Consider the recent attacks: Cybercriminals needed zero finesse and barely any effort to crack stock-permission RDP access points and create persistent admin accounts. This gave them the time and space to adjust system settings and prime networks for malware delivery, all while SMB owners and staff were blissfully unaware.

RDP attacks aren’t a new thing; enterprises have been enduring them for years. However, SMBs are especially vulnerable to these attacks because their security staff are often juggling multiple jobs. Rather than focusing purely on security, these teams tend to spend most of their time trying to keep IT up and running. This gives cybercriminals the ideal opening.

All Is Not Lost

The better news? It’s not impossible to prevent RDP attacks. The easiest way to avoid an attack is to shut this service down. Unless SMBs have remote workers using RDP connections daily, the insecurity of stock permissions on internet-facing ports puts companies at risk.

If your business regularly requires RDPs, start by changing the passwords and then watch all admin accounts. If something doesn’t seem right, it’s probably not. It’s better to suspend remote desktop access than to fall victim to a ransomware infection.

Malware-makers love SMBs, and RDP ransomware attacks are often a perfect match for low-motivation cybercriminals looking for an easy mark. Make it harder for cyberattackers by changing passwords right now, monitoring admin accounts and being prepared to shut down RDP on demand.

More from

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…