Cybercriminals continue adding sophistication to their attack methods, targeting Financial Services and presenting a real threat to business continuity, requiring special vigilance and proper Cyber defense.
The Advisory department of the Monetary Authority of Singapore has noticed growth in cyberattacks globally targeting Remote Desktop Services (RDS) formerly known as Terminal Services. Several instances of malicious actors carrying out brute force attacks against exposed Remote Desktop Protocol (RDP) were discovered on the Internet. The Remote Desktop Protocol has been known since 2016 as a way to identify and exploit vulnerable RDP sessions through Internet without any user interaction to steal personal data, login credentials as well as install ransomware attacks.
In addition, the number of malicious scan operations to detect vulnerable remote desktop instances has increased in recent months.
Earlier this year Microsoft has revealed five important remote code implementation vulnerabilities in the Windows Remote Desktop Services package. An attacker who successfully exploited the vulnerability could gain an initial foothold into the victim’s network, and eventually spread across other internal systems, triggering remote code execution on the targeted system, and to inject malware to further infect computers within same network.
In regard with above, MAS outlines appropriate measures for Financial Institutions to prevent future cyber-attacks through Remote Desktop Protocol.
Here are some of the examples of measures advised by MAS:
a) Limit and regulate the use of RDP connections (disable RDP on systems where it is not required);
b) Apply the relevant security patches on remote desktop services in a timely manner;
c) Enable strong security controls on remote desktop services, such as:
- Multi-Factor Authentication (“MFA”)
- Robust password and account lock-out policies
- Network Level Authentication (“NLA”)
- Virtual Private Networks (“VPN”)
d) Review and monitor RDP connections for suspicious activities;
e) Perform regular scanning to detect vulnerable or non-compliant remote desktop instances.
Listed above are some basic measures to protect your business against Network Intrusion through RDS and protect your digital assets and avoid regulatory investigations, reputational & financial losses.
If you would like to know more on how to implement any of the measures advised by MAS, please get in touch with one of our experts.