independent news and opnion

Over half of Fortune 500 exposed to remote access hacking – Axios

0 8


Over a two-week period, the computer networks at more than half of the Fortune 500 exposed a dangerous remote access protocol to the internet, something many experts warn should never happen, according to new research by the security firm Expanse and 451 research.

Why it matters: According to Coveware, more than 60% of ransomware is installed via a Windows remote access feature called Remote Desktop Protocol (RDP). It’s a protocol that, at its best, allows attackers to disrupt access and, at its worst, is vulnerable to hacking itself.

What is RDP: RDP is a way of offering virtual access to a single computer. It allows, for example, an IT staffer in one office to provide tech support for a baffled user in a different office.

  • But RDP is best used over a secured network rather than over the open internet.
  • “We compare exposed RDP to leaving a computer attached to your network out on your lawn,” Matt Kraning, co-founder and CTO of Expanse told Axios’s Codebook.
  • It’s an opinion shared by experts at McAfee and Sophos, who note that in the absence of multifactor authentication, the protocol can often be hacked into with only a few hours guessing common passwords.
  • Even in ideal circumstances, when passwords are strong, a malicious actor could overwhelm an RDP connection with traffic (known as a DDoS attack).

What they found: The Expanse / 451 study found that at 53.4% of Fortune 500 companies had an RDP exposure over a two-week period scanning for open RDP ports.

  • The technical sophistication of the companies didn’t seem to have much impact on RDP exposures. For example, around 80% of hospitality industry companies and just under 80% of defense and aerospace companies had at least one exposure, despite defense and aerospace being among the most security-conscious sectors.
  • Cybersecurity budget, either as a percentage of the annual budget or total spending, also had no consistent effect on exposure. By percentage of budget, 43% of companies in the lowest-spending quartile had exposures, compared to 53% of those in the top spending quartile.

The bottom line: The threat of RDP exposures often fly under the radar. IT staffs are really good at looking at what they know about, but not at what they don’t,” said Kraning.

  • “If Fortune 500 companies have exposures, what chance do smaller companies have,” he added.

Go deeper:



Source link

You might also like

close
Thanks !

Thanks for sharing this, you are awesome !