Cybercriminals have their eyes on new vulnerabilities as a way of compromising your clients. Your response needs to go beyond patching bad code.
When thinking of vulnerabilities, most IT pros – whether working as an MSP or not – immediately think of patching operating systems and applications. But vulnerabilities are more than just bad code. Even if you’ve already included patching as part of, say, a remote monitoring and management service offering, there are plenty of other vulnerabilities cybercriminals can leverage to put your client’s operations and business at risk.
The following are just three vulnerabilities that likely exist today at one or more of your customers.
Remote Desktop Protocol (RDP) has long been a legitimate asset for those wanting to remotely control their Windows desktop. But organizations leaving these connections exposed to the internet have unwittingly introduced a dangerous vulnerability. Network scans – even when RDP is used on non-standard ports – can provide attackers with a list of open RDP targets. Additionally, some older versions of Windows run on default settings that allow an unlimited number of logon attempts against local accounts. So, even if a brute force attack is necessary, it’s still only a matter of time until an attacker succeeds in gaining access.
In fact, RDP-based access was the primary attack vector for over 59% of ransomware attacks. That means the bad guys find it easier to scan for and automate attacks against exposed RDP connections than to attempt phishing attacks. In 2018, SamSam was the big culprit, but new ransomware variants such as TFlower and vulnerabilities such as BlueKeep demonstrate that RDP as an attack vector is thriving.
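To spot the brute-force pattern described above on a client machine, the following added example (not from the original article) scans Windows Security logon events for bursts of failed RDP logons from one source and notes when a success follows the burst. The event tuples, addresses, threshold and window are constructed assumptions; in practice the records would be exported from the Security log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (time, event ID, logon type, source IP, account).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); type 3 (Network) is what RDP failures are logged as
# when Network Level Authentication is on, so it also matches non-RDP traffic.
SAMPLE_EVENTS = (
    [(f"2024-03-01T02:00:{s:02d}", 4625, 10, "203.0.113.7", "administrator")
     for s in range(0, 60, 10)]
    + [("2024-03-01T02:01:05", 4624, 10, "203.0.113.7", "administrator"),
       ("2024-03-01T09:00:00", 4625, 3, "198.51.100.20", "jsmith"),
       ("2024-03-01T09:00:30", 4624, 3, "198.51.100.20", "jsmith"),
       ("2024-03-01T09:05:00", 4625, 2, "-", "jsmith")]  # console logon, ignored
)

RDP_LOGON_TYPES = {3, 10}


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources whose failed logons reach `threshold` within `window`.

    Returns {source_ip: {"max_failures": n, "success_user": account or None}}.
    """
    recent = defaultdict(deque)  # source -> timestamps of failures in window
    findings = {}
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[src]
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures that aged out of the window
        if event_id == 4625:
            failures.append(when)
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    src, {"max_failures": 0, "success_user": None})
                hit["max_failures"] = max(hit["max_failures"], len(failures))
        elif event_id == 4624 and src in findings and failures:
            # A success while the burst is still in the window: likely guessed.
            if findings[src]["success_user"] is None:
                findings[src]["success_user"] = user
    return findings


if __name__ == "__main__":
    for src, hit in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, hit)
```

A source flagged with a non-empty `success_user` is the case to escalate first: the account's password should be treated as known to the attacker.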