Rise in RDP attacks as hackers target remote workers

Geek Speak

Brute-force attacks on Remote Desktop Protocol (RDP) servers increased 894% during the pandemic. Attackers have exploited remote login credentials, as many employees have had to work from home to do their jobs.

Harry Brelsford of SMB Nation sits down with Tony Anscombe of ESET to discuss the threat landscape and what MSPs should be encouraging their customers to do to protect their businesses.

 


 

 

Video Transcription

Harry Brelsford 

Hey nation nation, Harry here, and I'm with my good friends at ESET. In fact, it's been too long since I've chatted with them. Community members are remembered by litter demon Shelly recently joined ESET a few months ago. And that actually led to some connections with Tony Anscombe. How're you doing, Tony?

Tony Anscombe 

I'm good, Harry, and it's great to be here on SMB Nation.

Harry Brelsford 

Yeah, ya know, my pleasure. And it's, it's been too long. So you recently did a survey with over 1200 participants. First of all, I do a little bit of surveying. That's a big number in this day and age in SMB. So congratulations. That takes some work to get that many responses.

Tony Anscombe 

It certainly does. And it's important that you have enough data to make the survey meaningful, as you will know.

Harry Brelsford 

Yeah. Yeah. And what was the cert, let's, let's talk at the 10,000-foot level. What was the survey about?

Tony Anscombe 

Well, if I had to turn it in one sentence, Harry, what I'd turn and say is, what we wanted to understand was the attitude towards cybersecurity for small and medium businesses, or I say attitude of, you know, whether that's budget, what they think is their current risk, you know, what they're actually putting in place, etc. So kind of that overarching umbrella of how they feel about cybersecurity.

Harry Brelsford 

Yeah, yeah. Interesting. And one of the things that stood out for me was, and again, my listeners are going to finally recall my career at Microsoft was Small Business Server. Right behind me, we were pioneering I mean, this is like, that's the 2003 release. And we had some workspace UI interfaces. And it's basically the RDP protocols. Right. And I'll never forget port 3389. Man, I mean, that was opened. And your survey double clicked into that, that, I believe, was nearly three quarters of the respondents identified RDP as a security issue. Let's, let's talk about that. Expand on that.

Tony Anscombe 

Well, as you said, you know, a big chunk said they viewed RDP as a risk. And the problem is, RDP has become very prevalent over the last two or three years, because obviously, I'm not wishing to harp on about pandemics and remote access and working from home because I think we've all heard way too much about that. But if we look at the cybercrime statistical numbers behind the increase in RDP attacks, from the start of the pandemic to the end of 2021, we saw an 894% increase in brute force attacks against RDP servers. Now, to put that into numbers, that was, I think it was 100, I think it's 123 billion attacks, or well over 100 billion attacks, in the first quarter, first four months of this year, and then it kind of tails off, and it tailed off for a number of reasons. Microsoft put some protections in there. I think people went back to the office. And there's a lot of reasons why that tailed off. But it's clear that the SMB has understood that this is something that could be attacked, and understand that there's a risk in there. What was shocking was 77% of those SMBs tell us they want to continue to use RDP despite knowing that there's an overarching security risk with it. And to add to that, and I think even more shocking, and this is something, yeah, I challenge every MSP and reseller out there to go fix, by the way, 50% of the 77% who said they're gonna continue to use it don't use multi-factor authentication to secure it. And this is like, this is an easy win.

Harry Brelsford 

Yeah, yeah. Yeah, no kidding. Um, what's your job at ESET? What's, what's a week in the life of Tony like?

Tony Anscombe 

Hectic. So I'm the chief security evangelist. I actually work for our HQ office out of Slovakia, but I'm based here in the US, okay. And I speak to lots of people like you, Harry, and talk on radio and TV as well. But I also have what I define as a day job. I represent ESET to some of the major technology companies such as Google and Microsoft, etc. And as you'd expect, we have very significant technology relationships with people like that. I also get involved with some of our relationships with people like ces or so the federal government for security, intelligence, and such like as well. So I have what I think is kind of the dream job. Because I can go off talk to technology companies, governments, I go off to lots of events and speak. So yeah, I love my job.

Harry Brelsford 

Yeah, yeah, no, I get it, I get it. It's almost like you're an evangelist. Or maybe that's an outdated term. I mean, I know you do more than evangelize the ESET solution set. Let's talk about events. Would you find yourself, we're recording this the week after Thanksgiving, and it'll be posted up later, but would you find yourself at the AWS re:Invent conference that's occurring this week in Las Vegas? There's not a bridge too far for your audience. That's not quite the right audience.

Tony Anscombe 

That may be a bridge too far. But however, saying that, it all depends. So I never talk about our products. If you want to talk about products, go talk to a salesperson and product manager or sales engineer. There's lots of people in our company that can talk to you about our products. I always talk about the industry, the risk, policy as well. Policy is changing, as we know, continually. Yes, it's not inconceivable that I might end up on a panel at something like that event. Let's give you an example of some recent events. I've been at security leaders Exchange, which was held down in Florida. That's a super interesting event, because it's one to one with CISOs of major, major companies, enterprise based. But then if I go to the other end of and pick off, I recently presented at SecTor in Toronto, which is a technical conference, about the threat landscape, etc, etc. So it's both ends of the high level and down into the weeds as well of the technology as well. But like I say, I tend not to get involved in our product. And talk purely about cybersecurity, the trends in it, the policy, what we're seeing, and what's important for the people on the ground in these enterprises trying to protect themselves.

Harry Brelsford 

Yeah, and I applaud that. You know, all too often on my podcast, and then just life and generally, you've seen it at events. You know, you get a subject matter expert up on stage, and they start talking product, and the audience is like, Oh, my God, a product pitch, you know. So it sounds like you're on the right side of the equation, that you're educating, you know what I'm trying to say?

Tony Anscombe 

I know exactly what you're trying to say, Harry. So let me give you a piece of my career history here. I was a network manager back in the 90s. And I worked for a number of organizations. And I hated it when people came into my office and did that. Yes. So I just vowed not to do it to other people. Yeah, if I had, I think I was known for walking a few people out of my office. So I'm probably not a very, very patient person with things like that.

Harry Brelsford 

Well, that's all right. Well, as I told you in our rehearsal, I'm now based in Austin, Texas, after a career in Seattle, but that's not a Texas accent that you have. UK British.

Tony Anscombe 

I'm a, yeah, I'm from the UK, from Great Britain, and moved out to the US back in 2011. So somewhat acclimatized.

Harry Brelsford 

There you go. Well, you know, we played good hard the other day in the World Cup and hopefully, fingers crossed, hopefully both Wales and the US can advance. Who knows, but it's, it's been fun.

Tony Anscombe 

Well, let's be clear. We're recording this the day before the next game. Yeah, I'm hoping England will beat Wales tomorrow, purely to make some mental elevation into the playoffs.

Harry Brelsford 

Yeah, yeah, absolutely. Well, let's do this. Tony, let's get you back. You know, in 2023, let's maybe check in with you mid-year, see what's new. See how you're doing. Okay. And we'll, we'll get you back.

Tony Anscombe  

That sounds great. Can I just add something about our survey, Harry, that I feel is really important? One of the things that was missing in the SMB sector, if you look at the data, was companies aren't running a cybersecurity audit frequently enough. So over half didn't run a cybersecurity audit in the last 12 months. And to me, this is, you know, whether you're an MSP or reseller, whether you're an end user listening to this, if you're in the channel, and you've got customers, this is fundamental. You know, if you don't understand what you need to protect, then you know your protection is going to be lagging behind. So go run this at least once a year. At least once a year, make sure cyber resilience plans are updated. And all those policies and processes are in place. Because it's so important, because you don't want to be on the back foot should you end up with a cyber incident.

Harry Brelsford 

Yeah, yeah. No, thank you. Thank you for that. I always liken that to, and I'll end on this. And again, I, I tend to go back way too far into the past to make a point with analogies but survey, a site survey, an audit, stuff like that, is akin to the example I used in yesteryear about providing training on site for your customers to use the actual products, call it Microsoft Office or whatever. But Tony, what we found, and is that it can be an incremental 10% of your revenue with that client, right? If you just look for additional services, you could provide and then increase their productivity. Now, I know it's a loose analogy, but you get the point.

Tony Anscombe 

I absolutely, I absolutely get the point. You know, I think it's low hanging fruit for the channel to go and provide the services. The other thing I'd be looking to add if I was running an MSP, I think I'd be trying to take off some of the bureaucracy burden that's coming in with cyber incident disclosures and things like that, and take some of that away from the customer as well. Yeah, I think there's a lot of services you can add on around the cybersecurity sector that would be really useful.

Harry Brelsford 

All right, well, hey, let me be the first to offer Happy Holidays to you. And like I say, we'll check in about mid-year, see what's new, what's going on in the landscape. Thank you, Tony.

Tony Anscombe 

I look forward to it, Harry. Thank you.