RDP Attackers Have Made Themselves at Home

RDP Attackers Have Made Themselves at Home

The COVID-19 pandemic has changed the way we live and function. In the same vein, the cybersecurity world has been drastically changed by it too. Cybercrimes have seen an unparalleled surge and businesses are facing hard times dealing with it. 

What’s going on?


We all know that the attack surface has expanded because of the sudden shift to work from home, and now, this has given a boost to Remote Desktop Protocol (RDP) attacks. In 2020, a 768% increase in RDP attacks was observed. 

What’s the threat?


Most ransomware attacks gain access to a network via a backdoor approach that abuses flaws in RDP software or the way it is deployed. Researchers have discovered 25 vulnerabilities in some of the most commonly used RDP clients, including FreeRDP, Rdesktop, and Microsoft’s built-in RDP client with the executable file mstsc.exe.

Why are RDP attacks gaining traction?


Since RDP attacks are not dependent on the human factor but technology, attackers don’t have to struggle much. Misconfigured RDP can lead to the loss of valuable resources, including devices with admin access and company servers, and ultimately, network-wide compromise. 

What can we learn from this?


The topmost priority is to protect against RDP attacks by limiting the number of open ports, restricting access, and enhancing the security of the exposed ports. This can happen to any organization and thus, every firm should secure RDP ports and protocols and stay safe from ransomware attacks.