Can companies prevent ransomware attacks through RDP with cyber awareness training?
Ransomware attacks have become commonplace, and their danger is increasing.
This is because companies can only fight them once employees receive crucial cyber awareness training.
After all, once such software is installed on a company’s systems, the company suffers downtime that affects its reputation.
CNA Financial paid the largest ransom, 40 million USD, to hackers in March 2021. More importantly, the hackers gained access to confidential data of its clients, i.e. the insured.
Hence, employees must be trained to detect such attacks in time. Insider attacks, in which insiders upload ransomware to the system, are also common. RDP (Remote Desktop Protocol) is now the most common way to upload ransomware to systems.
What is RDP?
Over time, RDP has become an increasingly common way for employees to access their systems when they are not physically near them. This happens when employees work from home on their laptops but need files stored on the office computer. An employee on a hybrid schedule, who sometimes uses the office PC and has no time to copy files to a USB drive for use at home, can use RDP instead. With RDP, the user gets access to the desktop of the office PC and can edit all the files stored on it.
Through the internet, the keystrokes of the user on his home PC’s keyboard are transferred to his desktop PC.
Connecting the home PC to the office desktop PC through RDP lets companies keep tabs on their operations, because they can monitor when an employee logged in to the remote desktop client software to access the desktop PC. The user can print documents stored on the office PC locally. In RDP, the user’s keystrokes are encrypted with 128-bit RC4 encryption. The user can also store files on the office PC by copying and pasting through a shared clipboard. Since remote desktop gives users control of the office PC, they can run any software installed on it.
This means they don’t have to install the software on their home PC. Although RDP is a time-saving feature, the problem arises when a hacker gains access to an office PC after somehow obtaining an employee’s credentials. Therefore, organizations need to follow some guidelines to prevent such unwanted intrusion. Organizations must ensure that not every PC in the office is accessible through RDP, especially those containing confidential data.
Hence, cyber awareness training can help employees who use RDP to work safely. They can be taught how to change the RDP port, because port 3389 is used by Microsoft to provide access to any RDP request. Whenever this port is open for an RDP connection, it can be discovered by any port scanner, and hence hackers can intercept the keystrokes.
Prevention of brute force attacks
Organizations must also be cautious about who is allowed access to a network, because hackers use brute force attacks to obtain the password to an RDP connection. Brute force algorithms try hundreds of passwords before they find the correct one. Hence, organizations should block logging in through RDP client software once a certain number of login attempts fail.
Also, employees should only log in to RDP with their email addresses, which makes it tough to access their systems even if brute force algorithms are used to crack passwords. Employees should make sure that their email IDs are not disclosed unintentionally to anyone.
Employees can also use strong passwords to prevent any brute force algorithm from finding them. Apart from that, a company should use a Remote Desktop Gateway server, which enforces 2-factor authentication, so that an employee can’t log in to a remote desktop without an OTP. All connections to the RDP server pass through this server. The remote desktop gateway server thus minimizes the chances of the remote desktop server getting hacked, because the latter has a private IP address and connections to it have to be routed through the gateway server.
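The lockout rule described above (block RDP logins after a certain number of failed attempts), as an added example that is not part of the original article: it replays constructed Windows logon records through a sliding-window counter and reports which source addresses trip the rule and which later successful logons the block would have stopped. The threshold, the window length, the comma-separated record layout and all sample values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 = RemoteInteractive (RDP);
# type 3 = Network, how failed RDP logons appear with Network Level Authentication.
SAMPLE_EVENTS = """\
2024-05-01T09:00:00,4625,3,admin,203.0.113.7
2024-05-01T09:00:05,4625,3,administrator,203.0.113.7
2024-05-01T09:00:09,4625,3,jsmith,203.0.113.7
2024-05-01T09:00:14,4625,3,jsmith,203.0.113.7
2024-05-01T09:00:20,4625,3,jsmith,203.0.113.7
2024-05-01T09:00:31,4624,10,jsmith,203.0.113.7
2024-05-01T09:02:00,4625,10,mlee,198.51.100.20
2024-05-01T09:02:30,4624,10,mlee,198.51.100.20
2024-05-01T09:05:00,4625,2,kiosk,127.0.0.1
2024-05-01T09:10:00,4625,3,backup,192.0.2.50
2024-05-01T09:16:00,4625,3,backup,192.0.2.50
2024-05-01T09:22:00,4625,3,backup,192.0.2.50
"""

THRESHOLD = 5                   # assumed policy value: failures tolerated per window
WINDOW = timedelta(minutes=10)  # assumed policy value: sliding window length
RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    """Return (time, event_id, logon_type, account, ip) tuples in chronological order."""
    rows = (line.split(",") for line in text.strip().splitlines())
    return sorted((datetime.fromisoformat(r[0]), *r[1:]) for r in rows)

def evaluate(text, threshold=THRESHOLD, window=WINDOW):
    """Return (blocked, alerts): where the rule trips, and logons it would have stopped."""
    failures = defaultdict(deque)  # source IP -> times of failures still inside the window
    blocked, alerts = {}, []
    for ts, event_id, logon_type, account, ip in parse(text):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console logons are outside the RDP lockout rule
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold:
                blocked.setdefault(ip, ts)  # record the first moment the rule trips
        elif event_id == "4624" and ip in blocked:
            alerts.append((ts, account, ip))  # success right after a failure burst
    return blocked, alerts
```

In the sample, the failures from 192.0.2.50 arrive six minutes apart and never reach the threshold, which shows that a per-window counter alone does not catch slow guessing.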