BLOG – COVID-19 response sees increase in potentially exploitable attack surface
Following our previous analysis of the likely cyber threat consequences of the COVID-19 crisis, we look at how efforts to accommodate remote working have also increased attack surfaces.
Following the UK government’s advice in response to the COVID-19 crisis, businesses from many sectors have transitioned to remote working. According to Orpheus data – and as anticipated in our previous blog post – this has resulted in a significant rise in open Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) ports, as the use of remote working solutions like Citrix XenApp, Microsoft Remote Desktop Services and TeamViewer is requiring companies to expand their infrastructure. We compared the same set of 2,000 UK-based companies in the weeks preceding and following the announcement, with the results displayed in the graph below.
This recent uptick in ports associated with RDP services (mostly 3389) and VNC (mostly 5900) on companies’ networks indicates that this may be a general trend across different sectors, with particular emphasis on sectors such as professional services, financial services, education and even companies in the healthcare sector in response to the recent COVID-19 outbreak. Many of these new connections will have appropriate controls in place – for example strong and unique passwords, restrictions on brute forcing, and two-factor authentication.
However, adversaries will continue to look for potentially vulnerable RDP and VNC services on which they can gain a foothold. RDP instances are routinely exploited by threat actors looking to spread ransomware, as demonstrated by Orpheus intelligence reports, which cite RDP as one of the most common technologies exploited during ransomware attacks. The Zeppelin and Nefilim ransomware variants have recently targeted RDP instances in this way. Similarly, a range of adversaries have also targeted recent vulnerabilities in VPN software to gain a foothold on corporate networks, including that produced by Citrix (CVE-2019-19781) and Pulse Secure (CVE-2019-11510).
Maintaining the availability of working arrangements has been the key priority from an information security perspective during the COVID-19 crisis. However, with the current situation likely to persist, organisations need to ensure that they avoid incurring a technical debt with the other two elements of the information security triad – confidentiality and integrity.
We recommend that businesses take precautions when deploying remote working solutions as a response to government lockdown measures, as threat actors are looking to exploit vulnerable companies for profit through ransomware. When setting up RDP or VNC services, companies should ensure the appropriate controls are in place, thus reducing the prospect of further disruption from COVID-19. Taking a threat-led approach and understanding how your organisation looks from an attacker’s perspective is critical in identifying and ultimately reducing your level of cyber risk.
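The before-and-after comparison described above can be repeated on an organisation's own perimeter. The following is an added example, not Orpheus code: it assumes two external scans of your own address space saved in nmap's grepable (`-oG`) format, and the sample data, function names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the article associates with remote-access services.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC"}

# Constructed sample data in nmap grepable (-oG) format, using
# documentation-range addresses; these are not real scan results.
SCAN_BEFORE = """\
Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 5900/open/tcp//vnc///
Host: 192.0.2.12 ()\tPorts: 443/open/tcp//https///
"""
SCAN_AFTER = """\
Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 5900/open/tcp//vnc///
Host: 192.0.2.12 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///, 5900/open/tcp//vnc///
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*)$")

def open_remote_ports(grepable: str) -> dict[str, set[int]]:
    """Map each host to its open RDP/VNC ports; filtered and closed are ignored."""
    exposed = defaultdict(set)
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 2 or not fields[0].isdigit():
                continue
            port, state = int(fields[0]), fields[1]
            if state == "open" and port in REMOTE_ACCESS_PORTS:
                exposed[host].add(port)
    return dict(exposed)

def exposure_delta(before: str, after: str) -> dict[str, list[str]]:
    """Return remote-access services that are open now but were not before."""
    old, new = open_remote_ports(before), open_remote_ports(after)
    delta = {}
    for host, ports in new.items():
        added = sorted(ports - old.get(host, set()))
        if added:
            delta[host] = [f"{REMOTE_ACCESS_PORTS[p]}/{p}" for p in added]
    return delta

if __name__ == "__main__":
    for host, services in sorted(exposure_delta(SCAN_BEFORE, SCAN_AFTER).items()):
        print(f"{host}: newly exposed {', '.join(services)}; check MFA, lockout and patching")
```

Each host in the result is a service that became reachable between the two scans and should be checked against the controls listed earlier: strong and unique passwords, restrictions on brute forcing, and two-factor authentication.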