
In recent months, organizations across every sector have come to rely heavily on Remote Desktop Protocol (RDP) to maintain business continuity while respecting social distancing. However, the rapid shift to remote working has also provided a unique opportunity for ransomware groups. Threat actors predicted that many organizations would not have the time or resources to securely implement RDP during the mass transition to working from home and, as a result, may be vulnerable to compromise. The number of Internet-exposed RDP ports grew from approximately 3 million in January 2020 to more than 4.5 million in March, according to a McAfee report. In this blog post, we will discuss why threat actors use RDP to deploy malware, how our solutions protect users against RDP brute-force attacks and best practices for mitigating RDP-based threats.

RDP is a network communications protocol developed by Microsoft. Available for most Windows operating systems, it provides a graphical interface that enables users to connect remotely to a server or another computer. RDP transmits the display of the remote server to the client and the input of peripherals (such as keyboard and mouse) from the client to the remote server, effectively allowing users to control a remote computer as though they were operating it in person. RDP is typically used in a business environment to allow end users to remotely access files and applications stored on the organization’s local network. Administrators also commonly use RDP to remotely diagnose and resolve technical problems with end users’ devices. RDP is generally regarded as a safe and secure tool when used within a private network. However, serious problems may arise when RDP ports are left open to the Internet, because this allows anyone to attempt to connect to the remote server. If the connection is successful, the attacker gains access to the server and can do anything within the hacked account’s privilege limits. This is not a new threat, but the global shift to remote working has underscored the fact that many organizations do not adequately secure RDP – and threat actors are taking advantage. At the start of March 2020, there were about 200,000 daily brute-force RDP attacks in the U.S., according to a Kaspersky report. By mid-April, this number had ballooned to almost 1.3 million.

Today, RDP is regarded as the single biggest attack vector for ransomware.

The incidents we have observed recently mostly rely on hacking Internet-exposed RDP systems. The process typically looks something like this:

Scan for exposed RDP ports: The attacker uses free, simple-to-use port-scanning tools such as Shodan to scan the entire Internet for exposed RDP ports.
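The RDP brute-force attacks this post describes show up on the server as a burst of failed logons from one source, sometimes followed by a successful one. The Python below is an added example, not part of the original post or of any vendor product, and it flags both patterns; the one-line-per-event layout, the threshold and the window are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, one event per line: time, event ID, logon type, source IP, user.
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
SAMPLE_EVENTS = """\
2020-04-14T02:10:01 4625 3 203.0.113.50 administrator
2020-04-14T02:10:03 4625 3 203.0.113.50 admin
2020-04-14T02:10:05 4625 3 203.0.113.50 backup
2020-04-14T02:10:08 4625 3 203.0.113.50 administrator
2020-04-14T02:10:11 4625 3 203.0.113.50 administrator
2020-04-14T02:10:12 4625 3 198.51.100.7 jsmith
2020-04-14T02:10:40 4624 10 198.51.100.7 jsmith
2020-04-14T02:11:30 4624 10 203.0.113.50 administrator
"""

# Type 10 is RemoteInteractive (RDP). Failed RDP logons are recorded as type 3
# when Network Level Authentication is on; type 3 also covers other network
# logons such as SMB, so expect to tune this filter per environment.
RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return (alert, source IP, user) tuples in the order they fire."""
    failures = defaultdict(deque)  # source IP -> times of failures inside the window
    flagged = set()                # source IPs that already crossed the threshold
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.split()
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts)
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()       # drop failures that fell out of the window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user))
        elif event_id == "4624" and ip in flagged:
            # A logon from a source that was just guessing passwords:
            # treat the account as compromised and investigate first.
            alerts.append(("success_after_brute_force", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS.splitlines()):
        print(*alert)
```

The single failed logon from 198.51.100.7 followed by a success raises no alert, which is the behaviour wanted for a user who mistyped a password once.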
