RDP, or Remote Desktop Protocol, is a port on devices that allow for remote access to be gained by anyone who has the appropriate credentials. An RDP attack means an unauthorized person or entity is accessing the network through the device’s RDP ports. The attack may be an actual person or automated technology using brute force to hack into the RDP port. Brute force is a term used when someone, or something, is guessing user credentials over and over again until they are able to gain access.
How Common Are They?
Over the last year, RDP attacks have increased as a popular attack vector. This specific form of malicious attack carries a significant payday if it is able to be executed. Typically the execution process takes a bit longer and is more labor-intensive than alternative hacking methods, but the end result is worth it to the cyber criminals. For instance, LabCorps, a major American labs facility was hit with ransomware that executed through an RDP attack earlier this summer. The ransomware attack infected thousands of PCs and almost 2,000 servers. Most recently, Otsego County in New York was hacked through the RDP ports, so criminals could use the county’s system resources for crypto-mining.
The malware options are limitless when it comes to an RDP attack. Once the hacker has access, they have the ability to install spyware, keyloggers, crypto-jacking software, worms, ransomware, or any other form of malware they’d like.
The best way to prevent an RDP attack is to disable the remote access to your device. Visit our blog post regarding disabling RDP ports here.
Also, IT professionals are encouraged to conduct an audit of all enabled RDP ports. If adequate rationale cannot be provided regarding the reason for these ports to be left open, they should be disabled immediately. PC Matic Pro recently added an endpoint vulnerability feature to its portal, allowing IT pros to gather this information quickly and efficiently.
Lastly, PC Matic has now included a timeout feature for all users, home and business, which we believe will thwart brute force attacks.
To read the Q3 PC Pitstop Newsletter in its entirety, click here.
1,016 total views, 2 views today