Analysis: Securing RDP to Prevent Ransomware Attacks episode artwork

EPISODE · May 15, 2020

Analysis: Securing RDP to Prevent Ransomware Attacks

from Info Risk Today Podcast · host InfoRiskToday.com

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.

Episode metadata supplied by the publisher feed · Published May 15, 2020

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Analysis: Securing RDP to Prevent Ransomware Attacks

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

Ransomware, the cybercriminal's gift that keeps on giving. Three scenarios for coming through COVID-19 and why we're still using PIN to pay. These stories and more in this week's ISMG Security Report. Hello, I'm Nick Holland.

It's a great time to be a cybercriminal. Remote workers, plenty of social engineering bait, and security teams with their eye off the ball. Ransomware continues to deliver paydays for these criminals, despite plentiful advice not to pay up. Another piece of advice, lock down remote desktop protocol.

With more is ISMG's Executive Editor, Data Breach Day in Europe, Matthew Schwartz. Security experts and law enforcement officials have long warned that paying ransoms doesn't pay. For starters, it directly funds the crime ecosystem and makes it attractive for criminals to keep launching ransomware attacks. Anytime the average payment goes up, furthermore, it attracts new players.

Of course, crime is never going to go away. The criminals are going to continue to go after and find ways to make money for us. That hasn't changed in thousands of years, right? There will always be people looking to make money.

That's Raj Samani, Chief Scientist at security firm McAfee. When it comes to blunting ransomware attacks, Samani says organizations need to ensure they have the right defenses in place before they get hit. Unfortunately, as with all things cybersecurity, too many organizations wait until they've been hacked to put the right resources in place. Take the 2018 Samsam ransomware attack against the city of Atlanta, for example, which led to estimated cleanup costs of $17 million.

For just a fraction of that, had the city planned ahead, it could have put better defenses in place, including regular backups that got stored offline, enabling the city to simply wipe and restore systems in the event of a successful ransomware outbreak. Maintaining those sorts of backups is one essential defense against ransomware. Another, says Samani, is to lock down remote desktop protocol, which too often has weak passwords and which lacks multi-factor authentication or other essentials designed to restrict access to authorized personnel only. RDP is a useful tool.

It enables IT teams to remotely access systems, but the same can go for any attackers that also gain access to RDP. They too can remotely control systems. Many criminals today are in fact doing this to steal corporate data and oftentimes then install crypto locking malware on as many systems as they can find. Obtaining valid RDP credentials is easy.

Criminals can buy stolen or brute force credentials for as little as $3 on some forums, $20 on others. But for any attack that leads to a ransom payment by the victim, attackers will have earned a massive profit on what was very little investment. That's why locking down RDP remains a cornerstone of any essential ransomware defense. And I know that that seems simplistic, but the ways that they're getting into environments isn't by and large necessarily remarkable.

It is things like this where you've got the state of credentials online. Samani says there are two other essentials for blocking ransomware attacks. The other thing that I would really strongly suggest is make sure that you are monitoring what goes on in your environment and make sure that you've got backups that are offline and disconnected from your organization, not online backups. And the most important thing is don't pay.

I mean, if you want to try to stop this from happening, if you want to kind of put the only way that we're going to do it is by impacting their ROI. Right. If they're not going to make money, they're not going to do it. It's very simple.

Cybercrime remains a business. If more organizations help to disrupt that business model, lowering attackers return on investment, it stands to reason ransomware will become less of a threat. For Information Security Media Group, I'm Matthew Schwartz. You're listening to the ISMG Security Report on ISMG Radio, ISMG, your number one source for information security news.

As we reach the middle of May, people across the world, as well as their economies, experiencing varying degrees of cabin fever from the COVID-19 lockdown. In the U.S., the patchwork of states opening certain non-essential businesses is expanding. But there are clear concerns that this is premature. In a continuing series of video interviews that ISMG's SVP of editorial Tom Fields has conducted with emergency management expert Regina Phelps, this week they discussed three scenarios outlined in new research from the Center for Infectious Disease Research and Policy.

Here's Regina's reality check on those findings. So what I want to say overall to you is there's no silver bullet. There is no immediate savior here and that our life is going to continue in different versions of what we're experiencing now until either one of two things happens. One is that we have a successful therapeutic, which is an antiviral, very likely that will be able to treat the symptoms of the illness.

And then secondarily, of course, the best option would be a vaccine. And we know already that that's 18 to 24 months and likely longer than that. So if you keep that in the back of your mind and then you look at this document that shows three waves, and again, this is done by CIDRAP, which is a group that Michael Osterholm has been with for some time out of Minnesota. And essentially what you'll see when you look at the very first top series of waves is a series of peaks and valleys.

And so what you'll see is the first big peak of where we're at right now. And then you'll see we go down and then we don't behave ourselves for a period of time and then we go right back up. And then we go through this sort of a, they call it almost like a shark tooth kind of wave. So it's based on our behavior.

We have peaks because we have a lot of cases, a lot of illness, a lot of deaths. And then it goes back down because we have now sheltered back in home again. And then we behave ourselves for a period of time and it goes right back up. So that's that sort of shark tooth.

That's in many ways where we are right now. The second one is a different version of this. And this would be very much like 1918 of which what you see is the first peak, which is really that first. Really, the second one doesn't really count as that first one big wave.

And that's where we are now. And then it will go down. It'll go down for a period of time, potentially. And then over the course of the fall, maybe as around October or so, it will really come back with a lot of fierceness.

And then will actually be a longer period of time and then go down. And then because of the size of that wave, we will have gone through a lot more individuals. So we had a lot more herd immunity. And then the following waves would be smaller.

Probably the best example, the best thing we could hope for is actually the slow burn, which is the one at the bottom. So we start with this big peak that we are now. And then what we have is more of a rolling hills, if you will, where we are behaving ourselves with physical distancing, wearing of masks and really appropriate behaviors that minimize this this up and down that we're likely to experience with large social gatherings, not wearing a mask, not not physically distanced. And so our best solution, our best possible solution is number three, which is the slow burn.

I'm fearful, however, that we're probably going to vacillate maybe between the first one, the shark teeth and the second one, which is the big peak in the fall. Finally, don't know about you, but my recent forays to supermarkets have been something of a surreal experience with masked shoppers navigating shopping carts down one way grocery lanes, searching furtively for elusive Clorox wipes, maintaining a social distance and minimizing contact with surfaces is relatively easy in the aisles. But at the checkout, it's a different matter. Understandably, there's been a spike in the uptake of self-service checkout, as well as contactless payment types such as Apple and Android Pay.

But there's quite often still the need to type in a PIN. So why is that? For clarification on why we still need PIN to pay, I spoke with Randy van Noof, Executive Director of the Secure Technology Alliance. Here he is.

Yes, PIN has gotten a lot more attention since COVID-19 has become part of the conversation. But you'll recall that the U.S. got a lot of criticism for not implementing PIN when it moved to EMV contact chip technology because people felt like there should be PIN associated with each payment card transaction. We've kind of adjusted to that norm.

And I don't think people are overly concerned about lost and stolen card fraud because that was the primary value that people would get from entering the PIN for each card transaction. But there is still a large percentage of consumers that use their debit cards and those debit cards are PIN enabled. And when they go to an ATM machine, of course, they're still required to use a PIN. So PIN hasn't gone away.

Now that we're looking at every interaction between a public used device and our own personal touch and cards, people are might be reassessing when and how often they use PIN. But we're strongly advocating that we don't overreach and overregulate in order to suddenly make PIN taboo because there are certain payment transactions that are built to require PIN and those systems can't be changed overnight. And so the side effect could be that for certain types of transactions, for certain types of consumers, they would suddenly lose their ability to pay if PIN was suddenly taken away. And that's why we came out with this guidance that says you can still transact with PIN in a safe and secure way.

You just need to change how you enter your PIN and be conscious of the fact that when you do, if you're using a store provided device or using your finger, you're putting yourself at a higher level of risk. And to be clear, those are things like EBT cards, SNAP, WIC, things like that. So again

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on May 15, 2020.

What is this episode about?

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!