I haven’t had anything on security for a while, but in everyone’s rush to work from home, there are a number of problems.
First, people decided to enable Remote Desktop Protocol (RDP), so they could work from home. RDP and VPN use has skyrocketed since the onset of the coronavirus, which would (maybe) be OK if they weren’t exposing RDP services to the public internet.
Use of RDP went up 41 percent to over 400,000 instances, according to Shodan. Those are only services listening on the default port, 3389. And there are services listening on 3388, where some “clever” sysadmins are hiding. Not so much really.
Microsoft has never been able to make this secure, and it should NOT be exposed to the public internet. Steve Gibson, of Security Now, called this situation “horrifying.” Expect to see an outbreak of ransomware and other issues, like data breaches, because of stupid sh#t like this in the near term.
Using Zoom to handle meetings? Good luck with that. Zoom Lets Attackers Steal Windows Credentials via UNC Links.
If a user clicks on a UNC path link, Windows will attempt to connect to the remote site using the SMB file-sharing protocol to open the remote cat.jpg file.
When doing this, by default Windows will send the user’s login name and their NTLM password hash, which can be cracked using free tools like Hashcat to dehash, or reveal, the user’s password.
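A defender-side filter for the UNC problem described above, as an added example that is not from the original post: it finds UNC paths in chat text, decides whether the host lies outside the network, and rewrites those so a client will not render them as clickable links. The internal DNS suffix, the internal address ranges and the sample messages are assumptions made up for illustration.

```python
import ipaddress
import re

# Matches \\host\share[\path...] as it appears in chat text.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\([^\s\\]+)((?:\\[^\s\\]+)*)")
# Assumptions: what this organisation treats as "internal".
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(host: str) -> bool:
    """True if an SMB connection to host would leave the internal network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        if "." not in name:  # single-label name: treated as internal (assumption)
            return False
        return not name.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)


def find_unc_links(message: str) -> list:
    """Return every UNC path in message with its host and a verdict."""
    return [{"path": m.group(0), "host": m.group(1),
             "external": is_external(m.group(1))}
            for m in UNC_RE.finditer(message)]


def defang(message: str) -> str:
    """Replace external UNC paths with a non-clickable placeholder."""
    def repl(m):
        host = m.group(1)
        if is_external(host):
            return "[blocked UNC path to " + host.replace(".", "[.]") + "]"
        return m.group(0)  # internal paths are left untouched
    return UNC_RE.sub(repl, message)


# Constructed sample messages (not taken from any real chat log).
SAMPLES = [
    r"minutes are at \\fileserver\team\notes.docx",
    r"look at this \\files.example.net\pics\cat.jpg",
    r"backup: \\203.0.113.7\share\a.zip and \\10.0.0.5\share\b.zip",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_unc_links(s), "->", defang(s))
```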
That’s not the only problem with Zoom. If you are using Zoom, ZDNET and others have guides for how to do so securely.
And because the month wouldn’t be complete without a data breach… Marriott Reports Data Breach Affecting Up to 5.2 Million Guests.
From sometime in January until the end of February it appears that hackers had the credentials of 2 employees at a “franchise location” and were able to access the information.
Although an investigation of this incident is ongoing, Marriott says that currently there is no “reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”
Since their last breach impacted more than 300 million people, this is small potatoes.
I have a dream that someday corporations will treat security seriously, but it is only a dream, and it is not likely to come true during 2020.