{"id":12458,"date":"2022-06-17T14:15:06","date_gmt":"2022-06-17T14:15:06","guid":{"rendered":"https:\/\/www.realvnc.com\/?post_type=blog&p=12458"},"modified":"2024-02-20T16:22:17","modified_gmt":"2024-02-20T16:22:17","slug":"current-state-remote-access-modern-day-data-breaches","status":"publish","type":"blog","link":"https:\/\/www.realvnc.com\/en\/blog\/current-state-remote-access-modern-day-data-breaches\/","title":{"rendered":"The Current State of Remote Access in Modern-Day Data Breaches"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

As ransomware gangs shift their focus from holding data for ransom to exfiltrating it and extorting payment from victim organizations, the data breach seems to be gaining steam as the threat action of choice.  This evolution of ransomware makes the annual Verizon Data Breach Investigations Report<\/a> (which uses tens of thousands of potential and confirmed data breaches to establish what modern-day data breaches look like) all the more valuable this year. <\/p>\n

In its 15th<\/sup> year, this report provides insight into how data breaches occur, and how long they take to detect; it also gives you an idea of where to place your focus when strengthening your cybersecurity posture.<\/p>\n

In this year\u2019s report, there is a recurring theme worth mentioning around the use of \u201cdesktop sharing\u201d software as part of data breach attacks \u2013 which Verizon defines as including \u201cRemote Desktop Protocol (RDP) and third-party software that allows users to remotely access another computer via the Internet.\u201d  With 80% of data breaches involving an external threat actor, that bad guy needs to gain entrance into the victim network somehow. <\/p>\n

And in the case of \u201cDesktop Sharing\u201d software (which is, in essence, any kind of remote access solution, including RDP), many organizations are simply handing the attacker the keys. Plenty of Dark Web forums list credentials for sale \u2013 no doubt stolen previously in phishing and social engineering attacks. So, by simply putting together a credential from the Dark Web, and a remote access<\/a> solution externally accessible, the cybercriminals have all they need to begin the process of stealing data from an organization.<\/p>\n

According to the report, this use of \u201cdesktop sharing\u201d within data breaches is material: abuse of remote access solutions is the #4 initial attack vector in data breaches (with the expected hacking and phishing being at the top of the list). It\u2019s also the #3 initial attack vector in Intrusion-related data breaches and is utilized in 40% of all ransomware incidents.<\/p>\n

This should come as no surprise, given that remote access solutions provide threat actors with interactive access to a desktop on an endpoint, allowing them to take advantage of any credentialed access the currently logged-on user has.<\/p>\n

The Verizon data should serve as a warning of just how threat actors see remote access\/desktop sharing as a tool to take advantage of should it be present.  So, what steps can you take to secure your organization while still allowing externally facing remote access to internal resources?<\/p>\n

There are a number of proactive steps you can take that will minimize the threat surface that remote access creates:<\/p>\n