Since COVID crept into our lives, Remote Desktop Services, often shortened to RDS or RDP, have been widely adopted, and because of that they are a common target for cyberattacks. Without proper configuration, your RDS can become the gateway through which a malware infection or targeted ransomware is deployed, resulting in a critical service disruption.
RDP is a proprietary protocol developed by Microsoft that provides remote access to the desktop environment of another computer on a network. Since COVID, use of this same technology over the internet has skyrocketed, because it is very easy to implement: any Windows user can open the built-in RDP client and connect to a computer back at their office. In a well-structured environment, this is done through servers. Unfortunately, with the ease of use and quick setup comes a big security consideration. If it is done poorly, it is much the same as leaving your keyboard, mouse and monitor on your driveway, where anyone can have a go at guessing passwords or using exploits to get in.
What attacks can be done to RDP?
Hackers and other threat actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to steal identities and login credentials and to install and launch ransomware attacks.
- MitM attack. RDP sessions are susceptible to man-in-the-middle attacks, where an attacker intercepts all communications between a client and a terminal server using ARP (Address Resolution Protocol) or DNS (Domain Name System) spoofing, or by creating fake networks that the attacker controls, and uses that position to spread ransomware.
- Credential harvesting, a.k.a. password harvesting. Capturing and selling RDP credentials on the Dark Web has been lucrative for a lot of hackers. According to a 2016 Kaspersky report, cybercriminals would buy and sell access to hacked servers for as little as $6 each.
- DoS attack. A Denial of Service attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. … DoS attacks can cost an organisation both time and money while their resources and services are inaccessible.
CROFTi and the Dark Web
The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used to keep internet activity anonymous and private, which can be helpful in both legal and illegal applications. While some use it to evade government censorship, it has also been known to be utilized for highly illegal activity.
Now what can we do to help?
Microsoft RDP has been plagued by security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. Here at CROFTi we educate you on all the security vulnerabilities and flaws of RDP that an organisation should be aware of. We make sure that our clients have the following in place to secure RDP access to both desktops and servers.
- Strong passwords
- Two-factor authentication
- Up-to-date software
- Restricted access using firewalls
- Network Level Authentication enabled
- Limit which users can log in over RDP
- An account lockout policy
- Limited access to clients/servers offsite
- Use RDP Gateways
- Change the listening port
- Tunnel RDP connections
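As an added example (not CROFTi's own tooling), the script below audits a Windows host against several of the items in this list: Network Level Authentication, the TLS security layer and encryption level, the listening port, firewall rules that expose RDP to any remote address, the Remote Desktop Users membership, and the account lockout threshold. It assumes an English-locale Windows machine, an elevated PowerShell session, and the standard RDP-Tcp registry keys.

```powershell
# Added audit script (not CROFTi's tooling): reports which of the RDP hardening
# settings above are in place on the local Windows host. Run as Administrator.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$findings = @()

# Is RDP enabled at all? (fDenyTSConnections = 1 means Remote Desktop is disabled)
$rdpEnabled = (Get-ItemProperty $ts).fDenyTSConnections -eq 0
$findings += "RDP enabled: $rdpEnabled"

$rdpTcp = Get-ItemProperty $tcp
# Network Level Authentication: UserAuthentication = 1 forces authentication before a session is built
if ($rdpTcp.UserAuthentication -ne 1) { $findings += 'WARN: Network Level Authentication is OFF' }
# SecurityLayer 2 = TLS only; 0 = legacy RDP security, which is what MitM downgrade relies on
if ($rdpTcp.SecurityLayer -lt 2) { $findings += "WARN: SecurityLayer=$($rdpTcp.SecurityLayer) (want 2 = TLS)" }
# MinEncryptionLevel 3 = High (128-bit), 4 = FIPS compliant
if ($rdpTcp.MinEncryptionLevel -lt 3) { $findings += "WARN: MinEncryptionLevel=$($rdpTcp.MinEncryptionLevel) (want 3 or 4)" }
# A non-default port only reduces scanner noise, but the checklist includes it, so report it
$findings += "Listening port: $($rdpTcp.PortNumber)" + $(if ($rdpTcp.PortNumber -eq 3389) { ' (default)' })

# Firewall: inbound RDP rules that accept connections from 'Any' remote address are internet-exposed
foreach ($rule in Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') { $findings += "WARN: firewall rule '$($rule.DisplayName)' allows RDP from Any" }
}

# Who may log in over RDP: every member of Remote Desktop Users is an exposed credential
$members = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name
$findings += "Remote Desktop Users: $(if ($members) { $members -join ', ' } else { '(none)' })"

# Account lockout threshold: 'Never' means unlimited password guesses against every account
$lockout = (net accounts | Select-String 'Lockout threshold').ToString().Split(':')[1].Trim()
if ($lockout -eq 'Never') { $findings += 'WARN: account lockout threshold is Never (brute force is unhindered)' }
else { $findings += "Lockout threshold: $lockout attempts" }

$findings
```

Each WARN line maps back to one checklist item, so the output doubles as a to-do list for the host; on a domain-joined machine the lockout threshold reported by `net accounts` is the effective policy from the domain.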
And of course, Credential Monitoring, where we give you an in-depth report on whether your credentials have already been sold on the dark web.