The UK NCSC (National Cyber Security Centre) was established in 2016 to meet the need for a single focal point in UK government for cyber security, to improve our national defenses and make the UK the safest place to live and work online.
In their 2021 Annual review the NCSC identified cyber threats in the UK continued to grow and evolve. “Covid-19 pursued to shape the cyber security landscape. Cyber criminals extended to exploit the pandemic as an opportunity, while hostile states shifted their cyber operations to steal vaccine and medical research, and to undermine other nations already hampered by the crisis. The pandemic has also brought about an acceleration in digitisation, with businesses and local government increasingly moving services online and essential services relying ever more on cloud IT provision. This has broadened the surface area for attacks and has often made cyber security more challenging for organisations. “These effects are not limited to the UK… They are global.”
Ransomware attacks have been identified as the most significant cyber threat in 2021. Not only in the UK, ransomware attacks threatened critical national infrastructure (i.e. hospitals, energy utilities, …). The real-world impacts are enormous: “In July the Irish Health Service Executive announced the recovery costs from an attack in May would be $600m (£442m), while Hackney Borough Council estimated in February it would cost approximately £10m to recover from a cyber breach in 2020”.
Remote Desktop Protocol on top of the list
The NCSC identified the most commonly used ransomware attack vectors. These are:
- RDP: Remote desktop protocol attacks are the most commonly exploited remote access tools used by ransomware hackers. Hackers use insecure RDP configurations collected through phishing attacks, data breaches or credential harvesting to gain initial access to the victims environment. Awingu has already identified in the past that many (many!) organizations are sloppy with their RDP deployments. Moving into the public cloud does not make things better. They unfortunately make things worse! (read more here)
- VPN: Since the shift in remote learning and working since the pandemic began, threat actors have been exploiting vulnerabilities present in Virtual Private Networks to take over the remote access. In fact, all major VPN vendors have suffered breaches, some even multiple in the same year. VPN as a technology was born in 1996. Let’s face it, those were different times. (read our blog post about this)
- Unpatched devices: Attackers are targeting unpatched software and hardware devices to gain access to the victims network. One example of this is the vulnerabilities in Microsoft Exchange Server that are known to have been used by persistent threat groups.
Awingu to the rescue
Don't throw away the as-is RDP environment, but easily secure it ...
Is your organization currently using RDP for remote access to enable employees or contractors? Awingu can take away a big part of the risks by moving the RDP access to the browser (in HTTPS/HTML5) instead of using the RDP protocol (with the local RDP client) as such; by very easily adding MFA (multi-factor authentication); by only requiring port 443 access (HTTPS); and by offering not only full usage audit and anomaly detection, but also a lot more out-of-the-box.
There is no need to throw the as-is Remote Desktop deployment out the door. But do stop using RDP as the direct means for users to access their apps or desktops.
Stop exposing RDP in the open. Add Awingu in front.
How does it work? Awingu is a virtual appliance that acts as a gateway and can be installed in your infrastructure of choice (your own datacenter or a public cloud). The Awingu gateway will talk with your existing back-end RDP services (applications, desktops, servers, …) and will make them available in HTML5, so they are accessible in the browser. Awingu also adds a bunch of other capabilities like for example Single Sign-On, MFA, usage auditing, file server access. The fact that Awingu is a simple gateway means it can be installed in a matter of hours.
Still have Windows Server 2008 deployed? Maybe even older? Given Awingu works with the RDP protocol, old versions are also supported. (read more here)
Furthermore, for the end-user, life is simple. They just need to login to their services via their browser. This is something they are very familiar with in their private life (thinking of Gmail, Facebook and the likes). The fact that Awingu is fully client-less is also a big plus for IT (support) teams. No more hassle in deploying and updating agents on devices. Especially for contractors. Speaking of contractors: you’re not giving them RDP access from their own devices right?
Want to find out more about how Awingu adds security layers on top of your RDP?
Download our whitepaper: “Above and beyond RDP”
Do throw away the VPN wherever you can ...
Where we can securely build on your RDP platforms, VPN‘s are a different game. Awingu does not need a VPN. Actually, Awingu can help you replace the need for VPN. Depending what your starting-point is, leverage Awingus Reverse Proxy (for web apps) or HTML5 file browser (accessing your file systems over WebDav or CiFS) in addition RDP-based applications or desktops.
Want to find out more about Awingu?
About the author
Chief Sales & Marketing Officer