Today’s post will cover several interesting tidbits of data about remote control products. The first tidbit comes from the recently released Verizon Data Breach Report which paints a detailed picture of how cybercrime is making money. The report looked at 90 data breaches that resulted in a loss of 285 million records. The item that struck me as interesting is the section discussing attack vectors.
“In approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software. Rather than for internal usage, most of these connections were provisioned to third parties in order to remotely administer systems. As discussed extensively in this and previous reports, the ultimate attacker is not typically the third party (although that certainly happens). More often, an external entity compromises the partner and then uses trusted connections to access the victim. From the victim’s perspective the attacker appears to be an authorized third party, making this scenario particularly problematic. This is especially so when trusted access is coupled with default credentials.”
Why is it interesting to me? Because our own Application Usage and Risk Report (April 2009) indicates that these types of applications are being used not only by IT – but also by sophisticated employees who want to access their home machine – or someone else’s - while they are at work. Overall we found that 95% of the companies who participated in the analysis had remote control applications present. Not surprising really. What is surprising is  the breadth of application variants (24 different remote access control applications) and  the high rate of SSH usage (89% out of 63).
No doubt there are IT personnel in this group, but we know from looking at the user names and talking with customers that SSH usage is expanding to non-IT users. These intrepid users are accessing their home machines to do whatever they want. Little do they know that they are exposing themselves and the company they work for to numerous business and security risks. A visit to wikipedia provides background on SSH, free dameons and clients for anyone to use. And today’s end users ARE smart enough (or bold enough?) to use these tools.
But as the Verizon Data Breach Report points out, remote access applications carry risk – which is confirmed by the Internet Storm Center article about SSH. This article reminds IT folks to tighten their controls around SSH – particularly the passwords – which are easy to crack if less than 8 characters. So the 89% of the companies we found using SSH had better make sure that their SSH is locked down.
So back to the question in the title: are remote desktop access/control applications valuable? Without question – yes -- assuming proper controls and security are implemented and is being followed. But given the two data points above, it looks like we need to do some work.
Thx for reading.