New Zealand’s Computer Emergency Response Team (CERT NZ) has cautioned Kiwi businesses about weaknesses in widely used remote access solutions, urging them to work with their IT service providers to tighten up their security.
According to the national cyber agency, the majority of local ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office – a widespread factor amid the ongoing pandemic.
While there are a range of such systems in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 identified in New Zealand, the agency noted, adding that RDP has a number of weaknesses.
This means that when the protocol is used over the internet it can be exploited by attackers and, indeed, is a leading contributor to the ransomware incidents that CERT NZ receives.
Given that RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ is recommending that organisations consider other options to enable remote working, such as a virtual private network (VPN).
“It’s essential that organisations urgently review their remote access systems, and make sure these systems are as secure as they can be. You may need to talk to your IT team or service provider about how to do this,” said Michael Shearer, CERT NZ threats and vulnerabilities principal advisor.
To help protect local organisations, CERT NZ is currently partnering with internet service providers (ISPs) to contact businesses that use internet-exposed RDP to provide advice on how they can make remote working more secure.
“Regardless of what technology organisations use to enable remote working, it’s important to keep your system up to date and enable two-factor authentication for logins,” Shearer said.
More broadly, CERT NZ is concerned about the growing impact ransomware attacks are having on New Zealand, according to Shearer.
“Recent events have brought to light the devastating effects a ransomware attack can have on an organisation. There’s been an increasing trend of these types of attacks globally over the past 18 months, and they’re only going to continue,” he said.
Indeed, CERT NZ has seen an increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year.
With a total of 30 reports, the latest tally is the highest number of ransomware reports made to CERT NZ within one quarter.
“These figures do not paint a complete picture of the extent of ransom attacks in New Zealand. These numbers only reflect what has been reported to us, however conversations with our industry partners indicate there are a lot more attacks happening,” Shearer said.
In June, it was found that three in five small businesses believed they should be doing more to keep secure online, according to a survey by CERT NZ.
While the majority of small businesses with an online presence understood the importance of protecting their websites, some small businesses were not taking action.
Further, of that three in five, only 18 per cent strongly agreed they needed to do more while 40 per cent agreed "slightly".
Most concerning, only 45 per cent had processes in place to prevent a cyber attack.