Just recently, several hospitals in Brazil got hit by a ransomware attack. The attackers used a ‘brute force’ attack on Remote Desktop Services (RDS) environment of the hospitals. It’s not the first time. Hacks have been reported since 2015 all over the world with Europe and the US topping the lists after Brazil.
The article above describes attacks using the RDS Servers directly connected to the internet and “brute force” password guessing to execute the malware on the remote drives. But the risks don’t stop there. For example, end-users can execute malware by opening an attachment from an email. In a traditional approach, the end device has direct access to the shared network drives and as such is risking a cryptovirus to encrypt all data on all mounted drives.
I hear you think: ‘There is no such thing as absolute security’ and while that is true, above attacks would have been prevented by connecting via Awingu rather than directly connecting to their RDS Servers:
· Multi-Factor Authentication: Awingu comes out of the box with support for numerous “Multi-Factor Authentication” (MFA) options. Leveraging MFA would prevent any ‘brute force’ attack to take place.
· Throttle login attempts: Even if MFA is not adopted, Awingu will automatically throttle login attempts so that brute force would not be successful either.
· No direct access to shared drives: the end-user`s device has no direct access to shared drives which reduces the risk of infection or encryption dramatically
· Access files, not shares: Awingu provides the end-user with a web-based access to files that does not expose a shared drive to wholesale encryption or the uploading of malware
Awingu isn’t just about increased user experience, mobility, productivity, and manageability. Awingu also adds layers of security on top of a classic RDP deployment.
2/6/2017 by Arnaud Marlière