UK unis implement new IP traffic policies to combat ransomware

/in


Jisc, the non-profit that supports the UK higher education and research community with shared digital infrastructure and services such as the Janet network, has announced that it will start blocking traffic originating from outside the UK from accessing the Remote Desktop Protocol (RDP) remote-access feature from 28 March 2023, to better protect its users from ransomware attacks.

The move follows a 2021 consultation with its users, and reflects the fact that 50% of major ransomware incidents experienced by UK higher education institutions in the past two years began when attackers exploited the RDP feature.

Going forward, said Jisc, inbound traffic to port 3389 – the default port used for RDP – that originates from outside the UK will be blocked, and only inbound traffic from UK IP addresses will be allowed to proceed. Currently, this blocking is possible via Jisc as an opt-in measure, but it will now be by default.

“The use of ransomware against our sector, and globally, has ramped up over the past couple of years, and some attacks against colleges and universities have been devastating,” said John Chapman, director of information security policy and governance at Jisc.

“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident. Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”

Originally developed by Microsoft, RDP is a supposedly-secure network communications protocol that is intended to help IT admins diagnose problems remotely, and let users access their physical work desktops from other devices.

This is done by deploying RDP client software to connect to the system or server running RDP server software, and open a socket on the desired system to accept authenticated inbound traffic through port 3389. The user can then access all their applications and files just as if they were physically present in the workplace.

Legitimate use of RDP soared in 2020 during the Covid-19 pandemic, as millions of people were forced to work from home by lockdown restrictions, a policy that for many…

Source…