Unsecured RDP Endpoints Attract Ransomware Gangs

Unsecured RDP Endpoints Attract Ransomware Gangs

For connecting to remote systems, Remote Desktop Protocol (RDP) is one of the most preeminent technologies used today. There are millions of systems with RDP ports exposed online, which makes RDP a massive attack vector among ransomware operators.

RDP tops the charts

According to Recorded Future, RDP is the most common intrusion method used by threat actors—to gain access to Windows computers and install malware—for most ransomware attacks in 2020.
Cybercriminals scan the internet for RDP endpoints and then conduct brute-force attacks against several systems, trying to crack user credentials. Systems using weak usernames and passwords are impacted and put up for sale on RDP shops—websites where access to hacked systems is sold to attackers.

The traditional recipe

Though RDP can be exploited in several ways, attackers are mostly found relying on already exposed RDP systems.
At first, they use open source port-scanning tools to scan for exposed RDP ports online and then try gaining access to a system using brute-force tools or stolen credentials purchased from black markets.
Once the attackers gain access to the target system, they make the network vulnerable by deleting backups, disabling antivirus software, or changing configuration settings.
After disabling the security systems and making the network vulnerable, attackers deliver malware payloads. The process involves installing ransomware, using infected machines to distribute spam, deploying keyloggers, or installing backdoors to be used for future attacks.

Recent RDP attacks

Researchers at Group-IB have identified Iran-based low-skilled hackers that find victims by scanning IP addresses on the in ..

Support the originator by clicking the read the rest link below.