- Remote desktop protocol (RDP) exploded in popularity when the Coronavirus disease (COVID-19) pandemic ignited sweeping lockdowns and work-from-home orders because it enabled workers to continue work while away from the office. However, they are not without their security issues, such as commonly exposed port access points and weak sign-in credentials.
- RDP is one the most common ways attackers compromise network security simply due to its ubiquitous nature and improper security.
- Exposed RDP are extremely attractive targets for cyber attackers, as there are many vulnerabilities they can utilize to attempt to gain a foothold in a network and launch their attack. As most organizations use RDP, the likelihood of discovering an exposed network is high. Once in the network, cyber attackers can perform whatever action they desire, such as deploy ransomware or data exfiltration for IP theft, data reselling or extortion. Additionally, RDP is increasingly becoming the most popular attack vector for ransomware operators, nearly edging out phishing.
- Some cyberattackers sell RDP credential on multiple underground communities and forums as means to make an extra buck.
- Steps IT leaders can take to protect their organization from RDP attacks include:
- Restrict access to RDP connections to trusted sources
- Audit connectivity logs for unknown connections
- Implement two-factor authentication (2FA) for RDP logins
- Audit administrative accounts regularly to ensure unexpected accounts haven’t had their permissions escalated to an admin account
– Josh Smith | February 14, 2021