Protects Servers, Thwarts Compromised Credentials Use, Strengthens Cyber Insurance Eligibility
Remote Desktop Protocol (RDP) sessions are the entry point for fully 50% of all ransomware attacks.
BullWall’s new Server Intrusion Protection (SIP) brings multifactor authentication (MFA) behind the firewall to protect servers from unauthorized access resulting from the use of compromised credentials during RDP sessions. Placing BullWall’s MFA between the server and any unauthorized users thwarts bad actors who may have gained entry to the network by preventing their deployment of ransomware and impeding breach progression.
When an illegitimate session is detected, BullWall blocks any compromised clients and servers and immediately issues alerts. Experts believe SIP to be a significant new weapon to combat the use of stolen or compromised credentials – a major vulnerability for most organizations.
“One of the biggest stumbling blocks to obtaining cyber insurance is the requirement for MFA on servers in addition to endpoints, for every login attempt. BullWall Server Intrusion Protection provides a game-changing MFA solution for server access that doesn’t require a second device. We’re thrilled to offer a solution that increases security, reduces user friction and stops today’s most common attack vector,” said Morten Gammelgard, BullWall Co-Founder and EVP of EMEA.
Threat actors particularly target RDP for ransomware deployments for several reasons:
- It’s widely used for remotely accessing and managing Windows systems – even more so since the work-from-home migration. It’s an attractive target, both for its ubiquity and because it provides a direct pathway into a network.
- Weak and default credentials provide open doors for attackers, who look for RDP servers with weak or default credentials. Poor password management, failure to change default passwords, and the use of intuitive passwords are all contributing factors that enable brute-force attacks.
- Credential theft via phishing, keyloggers, or credential dumping attacks adds to the risk.
- Exploitable RDP vulnerabilities can allow attackers to execute code remotely, enabling them to compromise systems without the need for valid credentials.
- Lateral Movement: Once inside a network through an RDP compromise, attackers can move laterally and escalate privileges, allowing deployment of ransomware across a broader range of systems.
- Lack of monitoring and logging can allow unauthorized access to continue undetected.
BullWall experts cite the City of Atlanta; LabCorp, a major medical testing company; the University of Glasgow in Scotland; and the Dussmann Group in Germany as recent victims of RDP-based attacks across various industries.
SMBs Especially Susceptible to RDP-Based Attacks
Major organizations aren’t the only targets for RDP-based attacks. Small to medium-sized businesses (SMBs) and public sector entities are also attractive to threat actors, as incidents like the one at Redcar and Cleveland Borough Council in the United Kingdom show.
SMBs often have limited cybersecurity resources and may not have implemented robust security practices, making them attractive targets for ransomware operators.
The global prevalence of RDP-based ransomware attacks – on organizations of all sizes and sectors – underscores the need for organizations to proactively mitigate the threat by securing their RDP access points and fortifying overall cybersecurity defenses.
BullWall Server Intrusion Protection works together with BullWall Ransomware Containment (formerly BullWall RansomCare) to prevent and contain ransomware, protecting the organization’s most important, targeted digital assets against cyberattacks – a singularly important safeguard that can substantially impact cybersecurity insurance eligibility and terms for many organizations.
Jan Lovmand, BullWall Co-Founder and CTO, said: “Remote Desktop Protocol is the single most exploited initial attack vector and the entry point for fully half of all ransomware attacks. We’re really excited to introduce BullWall Server Intrusion Protection to shut down RDP session-level attacks, closing a door that’s otherwise too easily opened. Together with our Ransomware Containment solution, BullWall offers organizations the strongest defense against ransomware available on the market today.”