Small businesses often assume they don’t need to worry too much about cybersecurity because they’re small and have little of what the threat actors want. While it’s true that a hacker likely won’t target a local small business specifically, the false assumption is that hackers are the only threat. The reality is that most successful cyber-attacks today are carried out by vast networks of computers and software programs, often referred to as “bots.” These bots are unbiased, relentless, and a major threat to small businesses. This is the story of how a seemingly simple change almost led to a disastrous cyber-attack for a local business.
It Was Just Remote Access…
Although there may soon be a light at the end of the tunnel for the COVID-19 pandemic, many businesses are still dealing with the challenges of limiting exposure and sending sick employees home. Recently, a small business encountered such a challenge when one of its staff members needed to work from home to avoid spreading illness throughout the office. Unfortunately, the business did not yet have a method in place for remote work. One of the business’s employees, however, had recently set up remote access at home and recommended a simple and free solution.
Needing an immediate solution, the business heeded the advice of its employee and created a “Port Forward” in the firewall, allowing the remote employee to use Remote Desktop Protocol (“RDP”) to connect to their office computer from home. After the quick changes, the employee was able to successfully connect to the office from home. All was good!
Unleash The Bots
24 hours a day, 7 days a week, 365 days a year, bots scan every single firewall across the entire internet looking for common weaknesses that can be exploited. With the prevalence of remote work in recent years, RDP has quickly become a specific target for these bots. When a business opens a port in its firewall to allow remote workers to connect via Remote Desktop, bots can quickly and easily find this opening and begin trying to exploit it.
After finding a firewall with RDP accessible, the bot begins trying to log in to the computer or server in a “brute-force” strategy. Every single minute, the bot tries thousands of different username and password combinations. Left undetected for a few days, many bots successfully guess the correct username and password, and they gain access to the computer. From there, threat actors can log in without resistance, install ransomware, and hold the business hostage.
An Attack Thwarted
In this story, one thing saved the small business from an inevitable disaster: its managed I.T. services provider (“MSP”). The business was using Digital Boardwalk to monitor its technology and proactively address cybersecurity threats. As a mature MSP, Digital Boardwalk has specialized monitoring in place to specifically watch for suspicious activity with Remote Desktop. Within minutes of the attack, Digital Boardwalk’s Cybersecurity & Compliance team was notified of the brute-force attack and swiftly took action to close the vulnerability in the firewall, stopping the attack in its tracks.
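One way to detect the brute-force pattern described above, shown as an added example (it is not Digital Boardwalk’s monitoring and not from the original article). It counts failed Windows logons (Security event ID 4625, logon types 3 and 10) per source address in a sliding window; the one-line log format, the threshold, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Windows Security log: "An account failed to log on"
RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; 3 = Network (RDP failures with NLA)
WINDOW = timedelta(minutes=1)
THRESHOLD = 20             # assumed tuning value: failures per source per window

def parse(line):
    # Assumed simplified format: "<ISO time> <event id> <logon type> <source ip> <user>"
    ts, event_id, logon_type, src_ip, user = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), src_ip, user

def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: (first_alert_time, distinct_usernames_tried_in_log)}."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    users = defaultdict(set)     # per-source usernames seen in failed logons
    alerts = {}
    for ts, event_id, logon_type, src_ip, user in sorted(map(parse, lines)):
        if event_id != FAILED_LOGON or logon_type not in RDP_LOGON_TYPES:
            continue
        q = recent[src_ip]
        q.append(ts)
        users[src_ip].add(user.lower())
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src_ip not in alerts:
            alerts[src_ip] = ts    # record only the first time the threshold is hit
    return {ip: (t, len(users[ip])) for ip, t in alerts.items()}

def sample_log():
    # Constructed sample data; the addresses are documentation ranges (RFC 5737).
    base = datetime(2024, 1, 1, 9, 0, 0)
    names = ["administrator", "admin", "user", "frontdesk"]
    # A bot: 30 failures in 30 seconds, rotating through common usernames.
    lines = [f"{(base + timedelta(seconds=i)).isoformat()} 4625 3 203.0.113.50 {names[i % 4]}"
             for i in range(30)]
    # An employee mistyping a password three times over ten minutes, then succeeding.
    lines += [f"{(base + timedelta(minutes=5 * i)).isoformat()} 4625 10 198.51.100.7 jsmith"
              for i in range(3)]
    lines.append(f"{(base + timedelta(minutes=11)).isoformat()} 4624 10 198.51.100.7 jsmith")
    return lines

if __name__ == "__main__":
    for ip, (when, n_users) in detect_bruteforce(sample_log()).items():
        print(f"ALERT {ip}: {THRESHOLD}+ failed RDP logons within {WINDOW} "
              f"at {when}, {n_users} usernames tried")
```

The employee’s occasional failures stay below the threshold, while the bot’s source address is flagged within seconds of the attempts starting.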
Preventing The Attack
Had the business contacted its I.T. service provider to get professional guidance for its remote access needs, the entire cyber-attack could have easily been prevented. But this story is not uncommon. Many businesses neglect to consider cybersecurity when they implement changes in their technology, especially when the change is something so simple. For this reason, mature MSPs don’t assume that businesses will always do the right thing and consult them first. Instead, mature MSPs assume the worst and develop robust detection mechanisms and response processes to quickly identify and stop threats, no matter who was responsible.
Many businesses haven’t been lucky enough to have an MSP on their side with well-developed strategies for these types of attacks. It’s a harsh reminder that no matter the size of the business, having cybersecurity experts protecting the business’s technology is vital.