Ransomware continues to be a top threat to both individuals and enterprises. And protection against it is more important than ever.
So, it is definitely good news that Cameyo, an application virtualization software-as-a-service platform, is launching a new RDP Port Shield security technology together with a free open-source monitoring tool. The products can be used by any organization that wants to identify attacks over RDP (Remote Desktop Protocol).
More about Cameyo’s RDP Port Shield
The RDP Port Shield is said to be the first built-in technology designed to automatically close RDP ports, and to dynamically open and close them to authenticated users, based on white-listed IP addresses.
According to Andrew Miller, Cameyo’s co-founder and CEO, “organizations of all sizes face a myriad of roadblocks on their way to digital transformation, and the security concerns surrounding cloud migration – especially in light of the dramatic rise of RDP-based attacks — are top of mind for executives in every industry.”
“Cameyo understands that the productivity gains of virtual application delivery cannot come at the cost of security, and we have built the Cameyo platform from the ground up to protect our customers and their users. We created RDPmon because we believe the ability to identify the RDP-related vulnerabilities in your environment should be freely available to all. And RDP Port Shield is just the latest of our security advancements as we continually protect our customers from an evolving threat landscape,” Miller added.
The technology is designed to help monitor and identify brute force attacks and prevent ransomware attacks. In addition, Cameyo is releasing another free, open-source tool – RDPmon. The good news is that organizations can download and install RDPmon on an RDS/cloud server for free via GitHub.
After a guided configuration, IT admins will be provided with a tab showing the total number of attempted connections to their servers, as well as a tab that identifies the applications in use on each server, the number of people using RDP, and the programs being utilized by each user.
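To illustrate the kind of per-source tally of connection attempts described above, here is an added example (not Cameyo's or RDPmon's code) that counts RDP logon attempts per source IP and flags bursts of failures. It assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) have already been exported as simple records; the sample records, threshold and window are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP). With Network Level Authentication,
# failed RDP logons are often recorded as type 3 (Network), so both are counted.
RDP_LOGON_TYPES = {3, 10}
FAILED, SUCCESS = 4625, 4624

# Constructed sample records: (timestamp, event ID, logon type, source IP).
SAMPLE_EVENTS = (
    # Six failures in ten seconds, then a success: burst followed by a hit.
    [(f"2019-06-07T10:00:{s:02d}", FAILED, 3, "203.0.113.7") for s in range(0, 12, 2)]
    + [("2019-06-07T10:00:20", SUCCESS, 10, "203.0.113.7")]
    # Two failures minutes apart, then a success: a user mistyping a password.
    + [("2019-06-07T09:00:00", FAILED, 3, "198.51.100.20"),
       ("2019-06-07T09:03:00", FAILED, 3, "198.51.100.20"),
       ("2019-06-07T09:04:00", SUCCESS, 10, "198.51.100.20")]
    # Console logon failure (type 2): not RDP, ignored.
    + [("2019-06-07T11:00:00", FAILED, 2, "10.0.0.5")]
)

def summarize(events, threshold=5, window=timedelta(seconds=60)):
    """Return (per-IP attempt counts, IPs with >= threshold failures inside
    the window, flagged IPs that later logged on successfully)."""
    attempts = defaultdict(lambda: {"failed": 0, "ok": 0})
    recent = defaultdict(deque)          # sliding window of failure times per IP
    flagged, succeeded_after_flag = set(), set()
    for ts, event_id, logon_type, ip in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            attempts[ip]["failed"] += 1
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.add(ip)
        elif event_id == SUCCESS:
            attempts[ip]["ok"] += 1
            if ip in flagged:            # success after a burst: investigate first
                succeeded_after_flag.add(ip)
    return dict(attempts), flagged, succeeded_after_flag

if __name__ == "__main__":
    counts, flagged, hits = summarize(SAMPLE_EVENTS)
    for ip, c in counts.items():
        print(ip, c, "BRUTE-FORCE" if ip in flagged else "", "LOGGED-IN" if ip in hits else "")
```

A fixed window will miss slow, distributed guessing, so the per-IP totals are worth reviewing alongside the flags.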
Attacks over RDP a Real Threat
An example of such an attack is the so-called GoldBrute, a botnet that scans the internet and attempts to locate poorly protected Windows machines with RDP connection enabled.
The botnet was discovered by security researcher Renato Marinho of Morphus Labs, who says that it has been attacking 1,596,571 RDP endpoints. In June, the GoldBrute botnet was brute-forcing a list of about 1.5 million RDP servers exposed to the Internet. It’s important to mention that Shodan lists about 2.4 million exposed servers, and GoldBrute is deploying its own list. The botnet was actively extending the list while scanning.
Earlier this year, in March, researchers discovered that the group behind the GandCrab ransomware had been advertising GandCrab to individuals with Remote Desktop Protocol (RDP) and VNC (Virtual Network Computing) skills, and to spam operators who have experience in corporate networking.
Finally, it turns out that the RDP port (TCP 3389) is one of the most targeted ports in cyberattacks, and it was also targeted by the BlueKeep exploit. The BlueKeep attacks were carried out by checking whether the RDP protocol port (3389) is accessible from the Internet and the service is turned on. When these two conditions are met and the system is not protected from the flaw, it can easily fall victim to the threat.