More than 2,000 Australian businesses have been exposed online as malicious actors attempt to compromise Windows Remote Desktop Protocol (RDP) services.
According to warning issued by the Australian Cyber Security Centre (ACSC), 48,000 Australian RDP services -- Windows Terminal Services or Windows Remote Desktop -- were accessible online in 2018 and 2019.
The warning follows a security notice issued by Microsoft about a ‘wormable’ vulnerability within older Microsoft operating systems,such as Windows XP and Windows Server 2003, which allows malware to propagate between vulnerable computers.
As a result, the Government agency has urged businesses to patch their operating systems until able to migrate to a supported operating system.
According to the ACSC, compromises to RDP services are part of ongoing campaigns to exploit cyber security weaknesses within Australia. These can lead to major ransomware incidents, such as the destruction of online backups and core services, the agency said.
Often associated with key operational systems, potential attacks can lead to data and IP theft, long-term malicious intrusion into an affected business, extortion via maliciously encrypted business data and reputational damage, the ACSC warned.
As well as exploiting known vulnerabilities, RDP service attacks can also occur through brute forcing credentials with automated tools and using stolen credentials.
In addition to patching vulnerable operating systems, the ACSC also issued guidelines to prevent attacks on RDS services. These include, for in-house IT teams, using multi-factor authentication on RDP, logging connections and monitoring for unusual activity and also using supported systems.
The agency also warned businesses to check systems are not visible to well-known internet scanning tools and restricting RDP services to authorised networks only.
For enterprises using managed IT support, guidelines included contractual agreements based on up-to-date assessment of threats, clearly defined roles and responsibilities and monitoring traffic for at least 90 days.
