Remote Desktop Protocol (RDP) is the most dominant cyber security attack vector, being used in 63.5% of disclosed targeted ransomware campaigns in Q1 of 2019.
[1] The average downtime related to a ransomware attack is 7.3 days and its average cost is $64,645.
[1] Besides spreading malware, RDP attacks are used by skilled hackers to infiltrate corporate environments. RDP is the ultimate infection vector that evades all security layers in most antivirus software and compromises the system directly. During the recent COVID-19 pandemic, the frequency of RDP-based attacks has drastically increased as a result of a large number of employees working from home.
[2][3]The most common ways of gaining access of a computer via RDP are the following:
- Brute-force attack - the attackers attempt to sign in to an account by using trial-and-error methods. These can include repeatedly trying to log in with commonly used or stolen credentials, leading to many failed sign-ins occurring over very short time frequencies, typically minutes or even seconds.[4]
- Unpatched OS - the operating system is vulnerable to known Remote Desktop exploits. An example is BlueKeep[5], which allows the attacker to run malicious code in the kernel memory of the server, taking control of the entire system.
We are proud to introduce our solution to the Remote Desktop vulnerabilities -
Remote Access Shield.
The shield offers the protection of your business or your personal data with the following features:
- Choose who can remotely access the protected computer using Remote Desktop, blocking all other connection attempts.
- Automatically block any brute-force attacks trying to crack the protected computer's credentials.
- Automatically block connections attempting to use Remote Desktop exploits like BlueKeep to take control of the protected computer.
- Automatically block Remote Desktop connections from high-risk IP addresses.
- Get notifications about Remote Desktop connection attempts blocked by Avast.
The Remote Access Shield is available in Avast Premium Security starting with version 20.5 and it will reach Avast Business edition soon.
If you have any questions or suggestions for this new feature, please let us know! We would appreciate all of our beta testers to try the Remote Access Shield out and give us feedback!
[1]
https://www.coveware.com/blog/2019/4/15/ransom-amounts-rise-90-in-q1-as-ryuk-ransomware-increases[2]
https://healthitsecurity.com/news/covid-19-remote-work-causes-spike-in-brute-force-rdp-cyberattacks[3]
https://securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820[4]
https://www.microsoft.com/security/blog/2019/12/18/data-science-for-cybersecurity-a-probabilistic-time-series-model-for-detecting-rdp-inbound-brute-force-attacks[5]
https://blog.avast.com/what-is-bluekeep