![]() ![]() Gamblin: Without many exceptions, all RDP instances should require multiple levels of access and authentication controls. What security options should organizations put in place to better protect themselves against threats to RDP accounts and connections? The RobinHood attack against the City of Baltimore in May 2019 and the SamSam attack against the city of Atlanta in August 2018 are examples of RDP originated attacks. Ryuk ransomware, which has been especially active in 1Q 2020, uses RDP to spread laterally after the initial foothold is gained. The Sodinokibi and GandCrab malware attacks incorporate RDP modules. For instance, attackers could exploit BlueKeep ( CVE-2019-0708) to gain complete control of a managed service provider’s (MSP) unpatched RDP servers.Ī new module in Trickbot specifically tries to brute-force RDP accounts. The second involves exploiting a software vulnerability to gain control of an RDP server. Gamblin: Finding and exploiting an RDP vulnerability will be the first step in an attack chain that would likely be used to attack internal data stores and directory services to pivot to either a financial motive, or the ability to disrupt operations.Īnanth: One common tactic is RDP brute-forcing, where attackers automate many login attempts using common credentials, hoping one hits. How do hackers and cybercriminals try to take advantage of RDP accounts and connections? Worldwide, more than two million systems are exposed to the internet via RDP, of which more than 500,000 are in the US. Web crawlers like shodan.io make it easy for attackers to quickly identify vulnerable public-facing machines. Older servers, which are vulnerable, are often patched at a slower cycle, and this extends the life of such vulnerabilities. The top 6 enterprise VPN solutions to use in 2023ĮY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverseĮlectronic data retention policy (TechRepublic Premium) Google offers certificate in cybersecurity, no dorm room required Exploits for these vulnerabilities have been on sale on web criminal marketplaces since 2018. As of mid-2019, about 800 million users were considered vulnerable. Patching vulnerabilities without weaponized public exploits like CVE-2020-0660 are safe to keep in your normal patching cadence.Īnanth: RDP as implemented in versions of Windows, including Server 2008/12 R2, 7, 8.1, 10, are known vulnerable to exploits described as CVE-2020-0609, CVE-2020-0610, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Gamblin: Like all vulnerabilities, it is important to take a risk-based approach and prioritize patching RDP vulnerabilities that have known weaponized public exploits like CVE-2019-0708 (BlueKeep). What security vulnerabilities and flaws should organizations be aware of with RDP? Ananth, chief strategy officer at managed security service provider Netsurion, offer their thoughts and advice for organizations that use RDP. ![]() In the following Q&A, Jerry Gamblin, principal security engineer at Kenna Security, and A.N. ![]() SEE: How to work from home: IT pro’s guidebook to telecommuting and remote work (TechRepublic Premium) For these reasons and more, organizations need to adopt certain security measures to protect themselves when using Microsoft’s RDP. If successful, they can then gain access to the remote workstations or servers set up for that account. Further, hackers continually use brute force attacks to try to obtain the user credentials of accounts that have remote desktop access. Most notably, 2019 gave rise to a vulnerability known as BlueKeep that could allow cybercriminals to remotely take over a connected PC that’s not properly patched. RDP has been hit by various security holes and obstacles over the years. Using such built-in tools as Remote Desktop Connection, people can access and work with remote machines. And for that, many organizations with Windows computers rely on Microsoft’s Remote Desktop Protocol (RDP). Sometimes that means connecting to a workstation or server within the company to perform key tasks. But remote workers still need to do their jobs to the best of their abilities. With the coronavirus spreading across the world, more people are working from home as a way to practice social distancing. Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. How to better secure your Microsoft Remote Desktop Protocol connections ![]()
0 Comments
Leave a Reply. |