Posts Tagged ‘point of sale attacks’

The Time to Increase Security Against Malware with RHUB Remote Support Servers Is Now

August 25th, 2014

Security breaches have become so common, they are increasingly part and parcel of the day’s headlines. While not all of the breaches have common links, one thing they can have in common is poor remote access security.

According to recent reports, malicious hackers are now taking advantage of publicly available tools to specifically locate and identify businesses that use remote desktop applications. Remote desktop solutions such as Apple Remote Desktop, Microsoft’s Remote Desktop, Splashtop 2, Chrome Remote Desktop, LogMeIn, Pulseway, Join.Me, and others certainly provide a tremendous amount of efficiency and convenience when it comes to connecting to a computer from a remote location. Unfortunately, they can also serve as a gateway for hackers.

Once those applications have been identified, persons with malicious intent can attempt to brute-force the login of the remote desktop solution. Once the attacker has gained access to what was previously a secure account, it is possible to deploy point-of-sale malware. The attackers are then able to exfiltrate consumer payment data using an encrypted POST request.

This dire situation has become increasingly common. Similar attacks have been seen in PoS malware campaigns, and some studies now indicate that brute-force attacks specifically targeting the Remote Desktop Protocol are definitely on the rise.

In some instances, remote desktop connections are provided so that employees can access their computer while working from home or another remote location. Other remote access connections are established to allow outsourcers and IT administrators to manage and support desktops. Whatever the case may be, it has become crucial for such remote desktop connections to be secured: they often carry admin-level permissions that can be exploited by hackers, so securing them is of the utmost importance.

Some might argue that if an end user only uses RDP to access a single desktop, there is no threat. This is not actually the case. Even in such a situation, those credentials can be used to install malware on the system. Once an individual desktop has been compromised, hackers can use that desktop as a base for accessing other systems.

So, what can a business do to improve remote access security? The following guidelines can help:

  • Begin by configuring account lockout settings so that a user account is locked for a specified period of time after a certain number of failed login attempts, thus preventing an unlimited number of unauthorized attempts by an automated attack such as brute force.
  • It is also a good idea to limit the number of users who are able to log in using RDP.
  • Firewalls, both hardware and software, should be used in order to restrict access to remote desktop listening ports.
  • Complex password parameters should be defined. Establishing an expiration time is also an excellent way to reduce the amount of time in which an attack can successfully occur.
  • The installation of a Remote Desktop Gateway is another way to restrict access.
  • Administrative privileges should be limited for users and applications.
  • Systems should be reviewed periodically for dormant and unknown users.

In situations in which remote access is used for technical support, security can be advanced by following a few additional guidelines:

  • Remote access tools should be consolidated so that all inside and external remote access can be managed and monitored.
  • Once a central remote access solution is implemented, the need to open listening ports no longer exists. By no longer opening listening ports such as TCP 3389 (the default RDP port), it is possible to shut off that access point for hackers.
  • Two-factor authentication is imperative. Additionally, each individual should be issued unique login credentials. Vendors and IT teams all too frequently share logins in an effort to save money on the cost of licenses, but this weakens 2FA and makes it impossible to audit who is actually doing what on a system.
  • Along with limiting admin privileges for applications and users, it is also a good idea to restrict when and where users are able to remotely access the system.
  • Keep in mind that while reviewing the system for dormant and unknown users is a good first step, it is better to establish alerts for unexpected activity. For instance, you might set up an alert that will notify you when a login occurs on the weekend or overnight.
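As an added example (not code from the original post or from RHUB), here is a small Python script that applies two of the checks described in these guidelines to constructed sample logon records: a successful login preceded by enough failures to have hit the account lockout threshold (which should not be possible if lockout is enforced), and successful logins on weekends or overnight. The comma-separated record layout, the lockout threshold of 5, and the 08:00-17:59 business-hours window are assumptions; 4624 and 4625 are the Windows event IDs for logon success and failure.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (timestamp,event_id,user,source_ip); this simplified
# layout is an assumption, not real Windows event log output.
SAMPLE_LOG = """\
2014-08-16 02:11:05,4625,administrator,203.0.113.7
2014-08-16 02:11:06,4625,administrator,203.0.113.7
2014-08-16 02:11:06,4625,administrator,203.0.113.7
2014-08-16 02:11:07,4625,administrator,203.0.113.7
2014-08-16 02:11:08,4625,administrator,203.0.113.7
2014-08-16 02:11:09,4624,administrator,203.0.113.7
2014-08-18 10:30:00,4624,jsmith,192.0.2.14
2014-08-19 23:45:12,4624,vendor-support,198.51.100.9
"""

LOCKOUT_THRESHOLD = 5          # assumed lockout threshold (failed logons before lockout)
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time, Monday to Friday

def parse(text):
    """Turn the sample records into (timestamp, event_id, user, source_ip) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, event, user, ip = line.split(",")
        records.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(event), user, ip))
    return records

def off_hours_logins(records):
    """Successful logons (4624) on a weekend or outside business hours."""
    return [r for r in records
            if r[1] == 4624 and (r[0].weekday() >= 5 or r[0].hour not in BUSINESS_HOURS)]

def brute_force_successes(records, threshold=LOCKOUT_THRESHOLD):
    """A success that follows at least `threshold` consecutive failures for the same
    user/source pair: password guessing that worked, and a sign lockout is not enforced."""
    failures = defaultdict(int)
    hits = []
    for ts, event, user, ip in sorted(records):
        key = (user, ip)
        if event == 4625:
            failures[key] += 1
        elif event == 4624:
            if failures[key] >= threshold:
                hits.append((ts, user, ip, failures[key]))
            failures[key] = 0   # a success resets the streak for that pair
    return hits

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for ts, user, ip, n in brute_force_successes(recs):
        print(f"ALERT brute-force success: {user} from {ip} after {n} failures at {ts}")
    for ts, _, user, ip in off_hours_logins(recs):
        print(f"ALERT off-hours login: {user} from {ip} at {ts}")
```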

Being proactive is always better than responding after the fact. With a full audit trail capture of remote access activity, it is possible to establish a warning system before real damage can be done. Security is multi-layered and it is important to recognize that no single solution will provide all of the protection that you need from a potential data breach. By locking down the initial entry pathway even further, it is possible to significantly increase your chances of keeping hackers at bay.

Are you interested in learning more about how you can benefit from a more secure remote support? Contact us at 1-866-758-0984 or email us at sales@rhubcom.com


Protect your Systems from Attacks by Using RHUB Remote Support Servers

August 11th, 2014

Recently, security researchers uncovered a global cybercriminal operation. Thousands of computers were compromised by the operation, which attempted to gain access to point-of-sale (POS) systems by using brute-force techniques to guess remote administration credentials.

The computers utilized in the attack were part of a botnet, which has been nicknamed BrutPOS. Believed to be active since at least February, the botnet works by scanning specific IP address ranges for systems accepting Remote Desktop Protocol connections.

When a Remote Desktop Protocol (RDP) service is identified by one of the computers, the malware tries common user names and passwords in an attempt to log in. If the credentials succeed, they are transferred to command-and-control servers. At that point, the attackers determine whether the system is a POS terminal. If it is, a malware program is installed in order to extract payment card details.

While it certainly seems as though RDP connection attacks are on the rise, they are not actually new. In fact, they have been going on for years. Originally developed by Microsoft, RDP is a proprietary protocol that gives users a graphical interface for connecting to other computers over a network connection. RDP was first designed to allow remote access on a LAN. Consequently, security issues can arise when support teams use RDP over the Internet to establish connections with systems off the network, because such connections often require the default RDP port to be opened to the Internet.

The real problem is that such ports can be extremely vulnerable and far too easy for hackers to identify. Login credentials are frequently susceptible to such brute-force POS attacks because they are often shared. To make matters even worse, hackers can often gain access to an organization’s internal network when a compromised workstation is connected to it. Hacking RDP connections can prove quite profitable for hackers because they can gain control of your organization’s servers and then sell the credentials for targeted systems as lucrative commodities in the cybercriminal underground. While RDP attacks may not be new, they certainly appear to be on the rise.

Coming after a litany of recent credit card breaches at businesses ranging from discount stores to restaurants, this most recent attack serves as yet one more example of how RDP connections can be targeted and successfully compromised by hackers. This is precisely why we recommend the use of RHUB remote support servers for RDP, as it allows IT administrators to continue using RDP in a safe and secure manner without any vulnerability to such malicious attacks.

If you are not yet a customer of RHUB, become one today and learn how you can protect your systems from attacks by hackers. Call us at 1-866-758-0984 or email us at sales@rhubcom.com for more information.
