The following details are provided to assist organizations in detecting, threat hunting, and reducing malicious RDP attempts. Subsequently, September 2019 saw the release of a public wormable exploit for the RDP vulnerability. For example, the BlueKeep vulnerability ( CVE- 2019-0708) first reported in May 2019 was present in all unpatched versions of Microsoft Windows 2000 through Windows Server 2008 R2 and Windows 7. RDP has also had its fair share of critical vulnerabilities targeted by threat actors. They also found that “ In Q2 email phishing and brute forcing exposed remote desktop protocol (RDP) remained the cheapest and thus most profitable and popular methods for threat actors to gain initial foot holds inside of corporate networks.” The researchers found that 42 percent of ransomware cases in Q2 2021 leveraged RDP Compromise as an attack vector. The dangers of RDP exposure, and similar solutions such as TeamViewer (port 5958) and VNC (port 5900) are demonstrated in a recent report published by cybersecurity researchers at Coveware.
Furthermore, the default authentication method is limited to only a username and password. RDP communicates over the widely known port 3389 making it very easy to discover by criminal threat actors. With the increase of organizations opting for remote work, so to has RDP usage over the internet increased. However, RDP was not initially designed with the security and privacy features needed to use it securely over the internet. Remote Desktop Protocol (RDP) is how users of Microsoft Windows systems can get a remote desktop on systems remotely to manage one or more workstations and/or servers. Category: Detection/Reduction/Prevention Overview
0 kommentar(er)
