The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Center (ACSC) are warning small businesses about using remote access software like Remote Desktop Protocol (RDP) due to escalating threats posed by the BianLian ransomware gang.
The cybergang, which has been running rampant since 2022, has been successfully breaching Windows systems using RDP credentials. Once private data is obtained, they extort money by threatening to release the information publicly.
According to the agency's #StopRansomware advisory, limiting the use of remote access software is the most effective way businesses can avoid extortion. But there are a number of other practical measures businesses can take, which we'll cover in this article.
Cybergang BianLian is Targeting Remote Desktop Software
If you're using Microsoft's Remote Desktop Protocol (RDP), it may be time to consider switching to an alternative.
This is because, according to a release by the joint Cybersecurity Advisory (SCA), the computer software is being exploited by BianLian — a cybercriminal gang and ransomware developer that has been targeting businesses and critical infrastructure organizations for almost a year.
According to the statement recently sent out by the agencies, the cybergang has been using RPD as a point of entry into Windows Sytems. Then, after gaining entry, they deploy harmful software to steal additional credentials or exfiltrate sensitive data in an effort to extort the victim.
Aside from exploiting RPD credentials, the threat actors have also been known to use phishing tactics to lure sensitive information from workers.
The BianLian ransomware group was first discovered in June 2022. Since its origin, the gang has listed a total of 118 organizations on its extortion portal, with 71% of which being US companies.
The gang has also switched from extorting victims by encrypting their files to threatening to leak stolen data to the public. As BianLian's strategies grow more ruthless, the threats it poses to US businesses have never been starker.
So, what are the best ways to evade these tactics, according to the security agencies' latest report?
How Can Businesses Stay Safe From BianLian?
Unsurprisingly, the best way to avoid being targeted by BianLian is to limit the use of remote desktop software like RDP.
If you're not able to stop using the software, the cybersecurity advisory recommends auditing remote access tools and keeping an eye out for abnormal use of these programs by reviewing logs.
Closing unused RDP ports, enforcing account lockouts after a specified number of login attempts, and applying phishing-resistant multifactor authentication (MFA) are some other tips the cybersecurity agencies put forward in their release.
Aside from auditing your remote desktop software, they also advise restricting the use of PowerShell and updating Windows PowerShell to its latest version.
Maintaining good password hygiene is another way threats can be kept at bay, according to the guidance. This includes creating passcodes of 15 characters or longer, storing them in industry-recognized password managers, and disabling password hints.
Check out our password security guide for more best practices.