Remote Desktop Protocol (RDP) attacks can be extremely dangerous, whether from an enterprise or a single user point of view. They are basically backdoors which allow external users to access and use a system over the Internet. The United States’ Federal Bureau of Investigation (FBI) has defined RDP as, “a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface.”
RDPs can actually have several benefits. It can allow users to access their systems and do urgent or critical work when they are away. Unfortunately, unsecured RDPs are exploited by criminals to access enterprise networks. It is a top vector for ransomware – the SamSam ransomware attack infected close to 10,000 systems of LabCorp through a brute force attack on an RDP server. Other forms of an attack exploiting RDPs were CrySIS Ransomware, CryptOn Ransomware with Dark Web Exchange of stolen RDP login credentials.
A spate of RDP attacks
Other forms of ransomware attack through RDP brute force vectors are the Dharma ransomware outbreak, Lime ransomware, the Morto worm, a variant of Troldesh ransomware, Shrug2 and many many more. While Seqrite’s range of services are well-equipped to handle these type of attacks with the company recently revealing that it has successfully blocked more than 35,000 RDP-based based attacks on Indian enterprises every day, we cannot afford to be complacent as new variants are continuously emerging. In fact, the FBI also recently released an advisory highlighting these kinds of attacks and educating the public about them.
Some of the chief causes of RDP attacks are the following:
- Weak passwords which can be easily crackable or guessable making it even easier for criminals to access a system
- Outdated versions of RDP which are prone to new vulnerabilities
- Unrestricted access allowed to RDP ports
- Unlimited login attempts allowed to a RDP port
Seqrite products help in preventing these kind of attacks due to the following specialized features:
- Anti-Ransomware
Specially designed to counter ransomware attacks. This feature detects ransomware by tracking its execution sequence. - Firewall
Blocks malicious attempts to breach network connections. - IDS/IPS
Detects RDP brute force attempts and blocks the remote attacker IP for a defined period. - Virus Protection
Online virus protection service detects the known variants of the ransomware. - Behavior-based Detection System
Tracks the activity of executable files and blocks malicious files. - Back Up and Restore
Helps you take regular backups of your data and restore it whenever needed.
But don’t become complacent
However, it is always a good idea to follow certain precautions as well:
- Disable or minimize RDP use as much as possible
At its very core, RDPs can be dangerous and it is best to minimize usage of it as much as possible or in the best case scenario, disable it if it is not needed. If required, minimize usage as much as possible and follow very strict precautions.
- Back-up data regularly
Back up your important data regularly and keep a recent backup copy offline. Encrypt your backup. If your computer gets infected with a ransomware, your files can be restored from the offline backup once the malware has been removed.
- Use strong passwords
Use passwords with a mix of alphanumeric and uppercase-lowercase characters making it even tougher to be cracked. Two-factor authentication is an additional security measure which can be deployed.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more
No Comments