Organizations Warned of Dual Threat Posed by RDP and Disruptive Ransomware

In a paper warning about the evolution of what it calls 'disruptionware', the Institute for Critical Infrastructure Technology (ICIT) singles out the combination of ransomware and RDP access as the current focus of a development that "sees adversaries disrupting business continuity" and poses "an existential threat to critical infrastructure operators."


The RDP/ransomware threat isn't limited to critical infrastructure, and it illustrates the shift from opportunistic to targeted attacks. It rests on two things: industry's reluctance or failure to close RDP, and the remarkable degree of access RDP affords an attacker once a session is obtained. On the former, for example, ICIT notes (PDF) that "despite months of warning, as of July 2, 2019, 805,665 systems remain vulnerable to the BlueKeep RDP exploit, with an estimated 105,170 systems located in the United States." (BlueKeep is CVE-2019-0708, for which Microsoft shipped patches in May 2019; the hosts counted were still unpatched and internet-reachable on port 3389 some seven weeks later.)
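The practical question behind that statistic is whether your own RDP listeners are still reachable by an unauthenticated client, which is what Microsoft's recommended mitigation, Network Level Authentication (NLA), prevents. The following is an added example, not code from the ICIT paper or from any scanner it cites: a small Python probe that sends an X.224 Connection Request asking only for standard RDP security and interprets the server's Connection Confirm (per MS-RDPBCGR 2.2.1.1 and 2.2.1.2). A server that accepts, or that answers without any negotiation data at all, lets an anonymous client into the pre-authentication session setup; one that refuses with HYBRID_REQUIRED_BY_SERVER is enforcing NLA. The sample replies at the bottom are constructed for offline use, not captured from real hosts, the hostname in the comment is hypothetical, and port 3389 is assumed as the default.

```python
"""RDP security-negotiation probe (added example, not from the ICIT paper).

Asks a server for standard RDP security only and reads its answer.  This
tells you whether NLA is enforced; it does NOT tell you whether the host is
patched, so an NLA-enforcing host can still be unpatched.
"""
import socket
import struct

PROTOCOL_RDP = 0x00000000       # standard RDP security: no TLS, no NLA
PROTOCOL_SSL = 0x00000001       # TLS, but user authentication still happens later
PROTOCOL_HYBRID = 0x00000002    # CredSSP, i.e. Network Level Authentication

TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT + X.224 Connection Request + RDP_NEG_REQ (19 bytes with no cookie)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 LI counts everything after itself: 6 fixed bytes plus the neg data.
    x224_cr = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    tpkt = struct.pack(">BBH", 0x03, 0x00, 4 + len(x224_cr))
    return tpkt + x224_cr


def parse_connection_confirm(data):
    """Return what the server agreed to, or why it refused."""
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 response")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm (code 0x%02x)" % data[5])
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len < 19 or len(data) < 19:
        # Server predates security negotiation: only standard RDP security exists.
        return {"kind": "no_negotiation", "protocol": PROTOCOL_RDP}
    neg_type, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"kind": "response", "protocol": value}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure",
                "failure": FAILURE_CODES.get(value, "UNKNOWN_0x%08X" % value)}
    raise ValueError("unexpected rdpNegData type 0x%02x" % neg_type)


def assess(result):
    """One-line verdict on the listener's pre-authentication exposure."""
    if result["kind"] in ("no_negotiation", "response") and result["protocol"] == PROTOCOL_RDP:
        return "EXPOSED: standard RDP security accepted, NLA not enforced"
    if result["kind"] == "failure":
        if result["failure"] == "HYBRID_REQUIRED_BY_SERVER":
            return "MITIGATED: NLA (CredSSP) enforced before any session setup"
        if result["failure"] == "SSL_REQUIRED_BY_SERVER":
            return "PARTIAL: TLS required but NLA not enforced; patch state unknown"
        return "REFUSED: " + result["failure"]
    return "OTHER: server selected protocol 0x%08X" % result["protocol"]


def probe(host, port=3389, timeout=5.0):
    """Send the probe to a host you are authorised to test and assess the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        reply = sock.recv(64)
    return assess(parse_connection_confirm(reply))


# Constructed sample replies (not captured from any real host) for offline use.
SAMPLE_ACCEPTS_RDP = bytes.fromhex("030000130ed000001234000200080000000000")
SAMPLE_REQUIRES_NLA = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_NO_NEGOTIATION = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    for name, sample in [("accepts RDP", SAMPLE_ACCEPTS_RDP),
                         ("requires NLA", SAMPLE_REQUIRES_NLA),
                         ("no negotiation", SAMPLE_NO_NEGOTIATION)]:
        print(name, "->", assess(parse_connection_confirm(sample)))
    # Live use against a host you own (hypothetical name):
    # print(probe("rdp-host.example.internal"))
```

The request deliberately asks for PROTOCOL_RDP alone: asking for every protocol would only reveal the strongest one the server supports, not whether it will still fall back to the unauthenticated legacy path. Run `probe()` only against hosts you are authorised to test, and treat an EXPOSED result as a reason to close the port or enforce NLA, not as proof the host is unpatched.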


On the latter, an RDP session gives the attacker complete, remote, administrator-level control of the accessed device, and that access does not end when the ransom note appears. "While the victim is deciding whether or not to pay the ransom," says the ICIT, "the adversary retains access to the system, allowing them to install backdoors, remote access Trojans, or other malware that can facilitate future attacks or provide access-as-a-service to other attackers."


The reluctance of industry to close down RDP comes from its value as a business tool for remote maintenance. "Manual maintenance is deemed too expensive compared to remote access solutions, especially if the systems are located overseas," says the ICIT.


In a separate study (PDF) of the same subject, security firm Vectra points out that RDP allows a centralized maintenance team to monitor and fix systems at multiple manufacturing plants at ..