Because of the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN is growing rapidly. Because many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks.
According to statistics from the Shodan search engine, last Sunday, March 29, 2020, the number of RDP endpoints increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP 3389 port.
Moreover, according to Positive Technologies, 10% of such resources are vulnerable to the BlueKeep (CVE-2019-0708) problem which allows an attacker to take complete control of a Windows-based computer.
To attack, it is enough to send a special RDP request to vulnerable Remote Desktop Services (RDS). Authentication is not required. If successful, the attacker will be able to install and remove programs in a compromised system, create accounts with the maximum level of access, read and edit confidential information. Vulnerabilities are affected by the operating systems Windows 7, Windows Server 2008, and Windows Server 2008 R2.
This is one of the thousands of vulnerabilities that can be used by attackers. Many more vulnerabilities became more exposed with the COVID-19 shift, due to of use of solutions and softwares.
Remote working can be a great thing for your company and employees but there are risks. In order to ensure the security of your company, its data, and your employees you need to have a foundation laid. This foundation should include updated software, up to date technology, working policy (supplemented by additional information security policies), tools to protect your employees and training to ensure they understand their responsibilities.