Defending the perimeter

The restart is fortunately here, but for many, smart working will be a constant they will have to deal with for some time to come. Also, at this stage, many companies and artisans are relying more on websites to offer services and sales of goods. Therefore, never more important than at this time is it to verify that any access from the public network and any service posted have high security standards. Many companies have moved to working remotely quickly, without having time to ensure that proper verification was taken, and similarly, new stores for online shopping or service delivery are being set up very quickly, often putting security on the back burner, even for economic reasons.

Worrying data

The idea for this reflection comes from recent data presented by Kaspersky Labs’ Securelist reports, which for Italy indicate a significant increase in attacks on the Remote Desktop protocol, one of the most widely used for telecommuting. Consider that in recent months it has risen from about 3,600,000 attacks in February to more than 15,000,000 in March. The Remote Desktop Protocol or RDP is Microsoft’s proprietary standard that skills remote access functions on Windows and is also available for other operating systems such as macOS, Linux and Unix. RDP has many years on its shoulders since it originated with Windows XP back in 2001 and has been upgraded to the current Windows 10. Security problems were found in the past due to some vulnerabilities, which Microsoft resolved by improving its access management systems, but its fast authentication features without the use of complex handshakes has made it a tempting prey for cyber criminals. To target unsuspecting victims, so-called Brute Force or brute force attacks have been carried out, unleashed with various techniques in an attempt to crack passwords and usernames that can grant attackers access to the corporate network. The same kind of attack is often used to “breach” a website by detecting its access data. This is an old methodology that is still effective and is frequently used by hackers. This high number of attacks at such a sensitive time is obviously a worrying figure for Italy, and similarly, other countries in lockdown is also significant: the overall figure on detected attacks has risen from over 28,750,000 to over 96,700,000 with an increase of 236% in just one two-month period.

Without respite

The other figure to be taken into serious consideration is that of attacks on public and educational organizations, which experienced a 19 percent increase in attacks compared to the first quarter of 2019. In this case, these are in most cases Distributed Denial of Service (DDoS) attacks executed with the aim of making a service or its infrastructure unavailable by generating an overload of access to servers and making them effectively unreachable.

Vulnerability checks

Outdated operating systems, outdated access protocols, weak passwords, and simplified credential verification are all potential problems that burden services when exposed on a public network. For large companies and public administrations, verification procedures to test the security of services are essential. But it becomes clear that with such a high number of attacks, even for small businesses and artisans (even if economic times are not favorable), an assessment by professionals in the field is advisable to verify that the services most susceptible to attack are indeed secure. No matter whether you are using simple remote access or posting an updated version of a website, perimeter defense is essential to avoid problems. For an assessment, you can seek advice from the experts at Hypergrid, who will be able to point you to the most secure solution suited to your needs. Important services include, for example, HyperVPN an ideal solution for remote access that uses 2-factor authentication, HyperSAFE to ensure the impenetrability of computer systems, and Vulnerability Assessment to assess the security of your infrastructure.

For advice or information contact us at: info@hypergrid.it