Can Desktop-as-a-Service protect AEC Companies from ransomware attacks?

Over the last decade, the number of architecture engineering and design (AED) firms using Desktop-desktop-as-a-Service (DaaS) and it's close cousing Virtual Desktop Infrastructure has grown dramatically. DaaS or VDI for CAD and BIM allows you to use powerful computers that are accessed over a network. Your staff can then load CAD and BIM models on these virtual desktops and work remotely. Virtual desktops are a useful solution for AED firms contemplating their hybrid working future and collaboration with contractors and customers. But are these environments safe from malicious ransomware attacks? 

Ransomware attacks are frequently in the news, with recent high-profile attacks including the Colonial Pipeline, the NBA and software firm Kaseya. Of particular relevance to AED businesses was the malware attack against Austrian engineering firm Palfinger.

If your designers are working on and storing highly valuable files using Desktop-as-a-Service, the thought that criminal gangs could hold your company’s data to ransom is very worrying.

So, is Desktop-as-a-service safe for design data, and how can you protect them?

What is Desktop-as-a-Service?

Let’s explain what Desktop-as-a-Service (DaaS) is using a well-known example - Netflix! With Netflix, the "real" movie is playing on a computer in Netflix's datacenter and streamed to your TV, computer, or mobile device. Desktop-as-a-Service works the same way—the "real" desktop is running on a powerful computer in the cloud and streamed to your device, so you can work from anywhere from your "virtual desktop" that runs in reality in a datacenter!

What is Virtual Desktop Infrastructure?

With VDI, your company owns and manages the servers where the "real" desktops run. Think of it like building your own private Netflix: you buy all the equipment, set it up in your office, and stream your own movies. It gives you control but requires a lot of time, effort, and money to maintain.

What about ransomware?

Ransomware, as the name suggests, is a type of malware which hackers use to extort a ransom from victims. Once the ransomware is loaded onto your company’s computer systems, the hacker can freeze files and demand money - usually in the form of cryptocurrency – to return access.

Ransomware works like this:

• An employee visits a dangerous website, OR clicks on a link in a phishing email, OR the hackers find a weakness in unpatched or out of date software.
• Once they are inside your systems, they are able to move laterally, accessing files and finding out more about your business.
• The criminal gang behind the ransomware attack freezes certain files and folders and then demands a ransom to have them returned.
• They may also threaten to release sensitive material that you hold. In the case of AED firms, this might be intellectual property or sensitive information about customer accounts.

Can ransomware affect virtual desktops?

Yes, ransomware can affect your virtual desktops in much the same way as it could affect your employees’ physical desktops. Depending on how your virtual desktops are set up they may offer more protection than a traditional workstation - but they could also potentially be riskier.

Many companies set up their virtual desktop environments so that the operating systems roll back to a ‘pristine’ state at the end of each day. Even if an individual desktop gets breached, the malware will be removed before it can do too much damage. Virtual desktops also have the benefit of being constantly up to date and easy to manage for your IT department. For instance, they can apply security patches to all your virtual desktops in one go.

However, for typical use in Architecture, Engineering and Design the virtual desktop is not rolled back and ‘cleaned’ every single day, there is a risk that the criminals could still steal key information or go on to corrupt the servers that the virtual desktop runs on. If you suffered a sophisticated attack, you would therefore be highly exposed.

How to tackle the virtual desktop ransomware threat

Virtual desktops face many of the same threats that physical desktops do when it comes to ransomware. The good news is that there are several simple steps you can take to improve your company’s cyber security hygiene and reduced the risk of ransomware attacks:

• Multi factor authentication: Multi factor authentication requires using two or more pieces of information to verify that someone logging onto your systems is who they say they are. For example, when logging into a virtual CAD or BIM design environment, multi factor authentication would request a password but also send an email to the user’s personal account to verify that it is indeed them logging on.

According to Microsoft, 99% of ransomware attacks could be avoided if companies used multi factor authentication.

• Endpoint protection and response: This is about your IT teams actively hunting for any malicious activity and blocking it.

• Encryption: Encryption means that if any of your data is stolen it will be unreadable and therefore unusable.

• Backing up: By backing up your data, images, configurations and designs, you will be able to restore your content if ever required. You need to store this information offline and separate from your other systems.

• Update and patch systems: If you frequently use virtual desktops, it is vitally important to watch out for any operating system updates coming down the line and patch any security weaknesses as soon as they are discovered.

• Create an incident response plan: Your IT department should develop an incident response plan to decide how you would act if you ever became victim of ransomware.

• Segment your networks: If you use VDI, segmenting your networks means that ransomware attackers cannot move from one network to another and steal more of your information.

These are just some of the many ways you can protect a virtual desktop infrastructure from ransomware attacks. For more help, the US government has developed a free-to-use Cyber Security Evaluation Tool which identifies your weaknesses so you can act on them.

Keeping virtual desktop infrastructure secure is vital

Maintaining and protecting virtual desktop infrastructure for CAD and BIM software is of course time consuming and requires significant expertise. And this is why many organisations choose to outsource management of their virtual desktops to a third-party provider.

Companies like Designair, that specialize in Desktop-as-a-service for AED firms, invest heavily to ensure that our environments are protected from ransomware. They do this by:

• Enforcing cyber security hygiene (such as multi factor authentication)
• Fully segmenting networks
• Zero-trust Network Access
• Client streaming over TLS 1.2 with AES 256-bit encryption
• Ability to block end-user access to e-mail and internet
• Auto-Lockout and Auto-Shutdown for abandoned sessions
• End-user device authentication
• Automatic updating and patching systems
• Analysing the threat landscape and updating our VDI to be more secure
• Continually testing our environments for potential threats
• Backing up data disks and storing them offline

A growing number of architecture, engineering and design firms are using virtual desktops to support their hybrid working strategies. And by following cyber security best practice, virtual desktops can be just as - if not more – safe as traditional desktop security.

Try out Designair or contact us to learn more about our ransomware prevention strategies.

‍