URL: https://www.realvnc.com/en/blog/the-role-of-remote-access-in-cyberattacks-and-what-you-can-do-about-it/
Submission: On September 05 via manual from GB — Scanned from GB

THE ROLE OF REMOTE ACCESS IN CYBERATTACKS AND WHAT YOU CAN DO ABOUT IT

You intrinsically know and believe that if you leave remote access exposed to
the Internet, you increase your organization’s attack surface.
 * RealVNC
 * February 22, 2022
 * 6 min read




And yet organizations are doing exactly that in droves, often with an
implementation as simple as opening TCP port 3389 so that Microsoft’s built-in
Remote Desktop Services can function. According to cyber insurer Coalition’s
Cyber Insurance Claims Report, the number of organizations with RDP enabled when
they applied for cyber insurance nearly doubled when comparing the first half of
2020 to the same period in 2021.

And it makes sense to see so much remote access enabled today; organizations
need to provide a way for their remote workforce to continue to be productive
when working outside the office. You likely use remote access also as a means to
logically move within the business network, enabling IT teams to support all of
the locations remotely.

But, just as you see remote access as a means to elevating the productivity of a
remote workforce, the reality is that cybercriminal associations are keenly
aware of this. They have found plenty of ways to take advantage of the very same
benefits you now enjoy from having remote access enabled within the company.

In this blog, I want to take a look at exactly how forms of remote access (that
include Microsoft’s Remote Desktop Connection and even a dash of built-in tools
that allow the threat actor to work entirely remotely without even gaining
access to the desktop of the compromised machine) are used within cyberattacks,
as well as discuss what steps you can take to mitigate the risk created through
remote access.

I want first to mention that despite often having differing names, such as data
theft, ransomware, and malware attacks, cyberattacks tend now to use the same
tactics, techniques, and procedures, with the difference being the final action
that defines the specific cybercrime. So, as you read through this article and
you see, say, a stat about ransomware attacks, I want you to think of ALL
cyberattacks.

So let’s start by looking at how Remote Access is used in cyberattacks today.


1. INITIAL ACCESS

Threat actors need to gain access to your environment somehow, and there are
only a few options available – generally speaking: vulnerability,
phishing/social engineering, and remote access.

Compromising remote access (as defined by Technique T1133 in MITRE’s ATT&CK
Framework) and phishing tend to vie for the top spot as the most used initial
attack vector in ransomware attacks. As of Q4 2021, they were tied, according to
ransomware response vendor Coveware’s Q4 2021 Quarterly Ransomware Report. They
were also responsible, as the initial attack vector, for 61% of ransomware
claims for cyber insurer Hiscox. Brute force guessing of passwords (a common
tactic used in conjunction with remote access) was seen in 78% of all ransomware
attacks. In many cases, cyber attackers may have purchased user credentials on
the dark web for an average of just $3 (along with the IP address to access the
RDP session).


2. LATERAL MOVEMENT

Once logically inside your network and after the compromised endpoint has been
reconfigured to facilitate persistence and act as the threat actor’s foothold,
it’s necessary to move within your network. It’s assumed that OS credential
dumping is used to gather elevated credentials, which are then used via remote
services (such as remotely running PowerShell sessions) or by remotely
connecting to the Remote Desktop Services running on other internal endpoints
and servers. In fact, according to Coveware, the use of Remote Services (MITRE
Technique T1021) is seen in 39% of all ransomware attacks.


3. COMMAND AND CONTROL

Once threat actors have access to the systems that give them entry to data,
applications, and services that aid the overarching cybercrime goals, they need
easy access to a given set of systems. In many cases, threat actors use
third-party Remote Access Software (which usually runs over TCP port 80 because
that port is rarely blocked for inbound or outbound traffic). According to
Coveware, 63% of ransomware attacks perform Command and Control actions using
Remote Access Software (MITRE Technique T1219).


DOING SOMETHING ABOUT YOUR REMOTE ACCESS PROBLEM

It’s evident from the industry data mentioned above that leaving any kind of
built-in remote access enabled only helps the bad guys. It’s equally apparent
that your organization isn’t just going to stop allowing the remote access that
its employees currently enjoy. So, you’ve got to do something that balances the
organization’s remote productivity and cybersecurity needs.

There are a few steps you can take.

 * Stop Using Built-in Remote Desktop Software – regardless of what OS your
   endpoints are using, threat actors are all too familiar with these products
   (more than even your internal IT and Security teams!). And they know how to
   abuse a remote connection to their advantage.
 * No More Internet Access to Remote Desktop Software – You can use this in
   conjunction with step 1 above or on its own. The biggest reason for this step
   is that threat actors know how to scan the web for your Internet-facing
   remote access services (and you changing the default port has zero impact on
   your remote desktop service being found).
 * Consider Third-Party Remote Access Software – Unlike OS vendors that include
   some default remote access capabilities, 3rd party remote access software
   vendors have spent material amounts of time ensuring their product is secure.
   It can integrate additional security layers, which brings me to my next step…
 * Use Multi-Factor Authentication (MFA) – however you choose to make systems
   accessible across the Internet, don’t simply rely on a username/password
   combination. Some great MFA solutions integrate with remote access products
   to ensure only the owner of a credential can utilize it, keeping threat
   actors from logging on even with a valid credential.
 * Consider Zero Trust – This is a whole string of articles on its own, but
   zero trust is the concept of “never trust, always verify.” Should you go down
   the path of zero trust in your firm, the remote access would be scrutinized
   to make sure aspects of the access request (e.g., the remote IP used, the
   time of day, day of week, the system being accessed, and the credential being
   used) aren’t out of the ordinary; should they be found to be suspicious, the
   request for remote access is denied.
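
The zero trust check described in the last step, as an added example (not
RealVNC's code or any product's policy engine): it builds a per-credential
baseline from past sessions and denies a request when the remote IP, time of
day, day of week or target system is out of the ordinary. The session history,
host names, /24 grouping and one-hour tolerance are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed history of approved sessions (credential, remote IP, time, system).
HISTORY = [
    ("alice", "203.0.113.10", "2022-02-14T09:12", "fin-ws-01"),
    ("alice", "203.0.113.44", "2022-02-15T10:05", "fin-ws-01"),
    ("alice", "203.0.113.10", "2022-02-16T14:30", "fin-ws-01"),
    ("alice", "203.0.113.10", "2022-02-17T16:45", "files-01"),
]

def build_baseline(history, prefix=24):
    """Summarise what is ordinary for each credential."""
    baseline = {}
    for user, ip, ts, target in history:
        when = datetime.fromisoformat(ts)
        b = baseline.setdefault(
            user, {"nets": set(), "hours": set(), "days": set(), "targets": set()})
        # Group source addresses by network so a new address at a known site passes.
        b["nets"].add(ip_network(f"{ip}/{prefix}", strict=False))
        b["hours"].add(when.hour)
        b["days"].add(when.weekday())
        b["targets"].add(target)
    return baseline

def evaluate(baseline, user, ip, ts, target, hour_tolerance=1):
    """Return (decision, reasons); any out-of-the-ordinary attribute denies."""
    b = baseline.get(user)
    if b is None:
        return "deny", ["unknown credential"]
    when = datetime.fromisoformat(ts)
    reasons = []
    if not any(ip_address(ip) in net for net in b["nets"]):
        reasons.append("remote IP outside usual networks")
    if not any(abs(when.hour - h) <= hour_tolerance for h in b["hours"]):
        reasons.append("unusual time of day")
    if when.weekday() not in b["days"]:
        reasons.append("unusual day of week")
    if target not in b["targets"]:
        reasons.append("system not previously accessed")
    return ("deny" if reasons else "allow"), reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(evaluate(base, "alice", "203.0.113.77", "2022-02-21T15:20", "fin-ws-01"))
    print(evaluate(base, "alice", "198.51.100.23", "2022-02-20T03:10", "dc-01"))
```

A valid password alone does not pass this check, which is why it complements
MFA rather than replacing it.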


MINIMIZING THE RISK. MAXIMIZING THE ACCESS.

Keeping the workforce operating is paramount, but cyber attackers use the same
tools and solutions. Because of the remote nature of your hybrid workforce
today, it is necessary to look at how your current remote access strategy
actually enables threat actors and, therefore, adds to your cyber risk – and
take steps to reduce that risk.

By looking at your current remote access strategy through the lens of how it’s
used today in cyberattacks, you’ll begin to think about precisely where you’re
aiding cyberattacks, as well as identifying what parts of your strategy would
need to be better secured.

Whether the answer lies in replacing your current remote access solution or
simply putting additional security layers in place, you must assess where your
remote access increases your risk. Extra security protocols ensure that threat
actors need more than just the access itself to begin the work of hacking into
your environment. Take the appropriate steps to thwart cyberattacks while
keeping your remote workforce working.


