Nov 14, 2019

Exclusive: Over half of Fortune 500 exposed to remote access hacking

Over a two-week period, the computer networks at more than half of the Fortune 500 left a remote access protocol dangerously exposed to the internet, something many experts warn should never happen, according to new research by the security firm Expanse and 451 Research.

Why it matters: According to Coveware, more than 60% of ransomware is installed via a Windows remote access feature called Remote Desktop Protocol (RDP). The protocol is fine in secure environments, but once exposed to the open internet it can, at best, allow attackers to disrupt access and, at worst, be vulnerable to hacking itself.

What is RDP: RDP is a way of offering virtual access to a single computer. It allows, for example, an IT staffer in one office to provide tech support for a baffled user in a different office.

  • But RDP is best used over a secured network rather than over the open internet.
  • "We compare exposed RDP to leaving a computer attached to your network out on your lawn," Matt Kraning, co-founder and CTO of Expanse, told Axios.
  • It's an opinion shared by experts at McAfee and Sophos, who note that in the absence of multifactor authentication, the protocol can often be hacked into with only a few hours of guessing common passwords.
  • Even in ideal circumstances, when passwords are strong, a malicious actor could overwhelm an RDP connection with traffic (known as a DDoS attack).

What they found: The Expanse/451 study, which scanned for open RDP ports over a two-week period, found that 53.4% of Fortune 500 companies had an RDP exposure.

  • The technical sophistication of the companies didn't seem to have much impact on RDP exposures. For example, around 80% of hospitality industry companies and just under 80% of defense and aerospace companies had at least one exposure, even though defense and aerospace are among the most security-conscious sectors.
  • Cybersecurity budget, either as a percentage of the annual budget or total spending, also had no consistent effect on exposure. By percentage of budget, 43% of companies in the lowest-spending quartile had exposures, compared to 53% of those in the top-spending quartile.

The bottom line: The threat of RDP exposures often flies under the radar. "IT staffs are really good at looking at what they know about, but not at what they don’t," said Kraning.

  • "If Fortune 500 companies have exposures, what chance do smaller companies have," he added.
