Understanding the security risks of Remote Desktop Protocol over the internet


Today, it is very common for businesses to use RDP to access servers, collaborate with other employees and remotely access documents stored and backed up in their office. Given its wide range of functionality across a business, this network-based service can also be misused by cybercriminals to launch attacks. A recent statistic from Coveware highlighted that RDP is the most dominant attack vector, used in 63.5% of disclosed targeted ransomware campaigns in Q1 2019.


To add to these woes, 2019 saw the discovery of the dangerous BlueKeep vulnerability impacting Microsoft’s Remote Desktop Protocol implementation. Despite security updates issued by Microsoft, the vulnerability was widely exploited in a cyber-espionage campaign to mine cryptocurrencies.


Threats against RDP services


RDP, if not properly configured and secured, can act as a gateway within an organization for cybercriminals to access sensitive internal resources.
Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways.
Furthermore, cybercriminals have developed a wide array of tools to continuously look for remote access points on the internet. Because RDP is so widely used, it is a common target for MiTM attacks.
Following the release of a PoC for BlueKeep, Microsoft estimated that nearly 1 million devices using earlier versions of Windows are currently open to cyberattacks due to vulnerable RDP services.

Actions to be taken


Enhancing RDP security: Patching is an important way to ..
