How to protect RDP from ransomware attacks
#1
Quote: In the past few months, companies from all industries have worked intensively with the Remote Desktop Protocol (RDP) in order to keep their business going while maintaining the spatial distance.

However, this short-term switch to home work also proved to be a unique opportunity for ransomware groups. Attackers speculated that many companies would not have the time or resources to implement RDP in a secure manner during this major upheaval, which would result in security vulnerabilities.

And they should be right. According to a McAfee report, the number of open RDP ports rose from 3 million in January 2020 to over 4.5 million in March.

In this article, we explain why attackers use RDP to spread malware, how our solutions protect users from RDP brute force attacks, and how you can best protect yourself against RDP-based threats.

What is RDP?

RDP is a network communication protocol developed by Microsoft. It is available on most Windows operating systems and provides a graphical user interface that allows users to remotely access a server or other computer. The display of the remote server is transferred to the client computer via RDP and the remote server can be operated using the client's input devices (such as a keyboard or mouse). In this way, users can work on the external computer as if they were sitting in front of it.

RDP is typically used in business environments so that end users can externally access files and applications that are on the company's local network. Administrators also frequently use RDP for remote diagnosis to solve technical problems on the end devices.

This is how attackers use RDP to place malware

RDP is generally considered a secure tool within a private network. However, opening RDP ports to the Internet can lead to serious problems, since everyone can now theoretically try to connect to the remote server. If this attempt is successful, attackers can access the server and act freely within the permissions of the hacked account.

This is by no means a new threat, but the global move to home work has once again underlined that many companies do not adequately protect RDP - and attackers are taking this opportunity. In early March 2020, there were 200,000 RDP brute force attacks per day in the United States, as Kaspersky reports. In mid-April the number had already increased to an incredible 1.3 million. Today, RDP is the largest attack vector for ransomware.

RDP can be used in different ways. The incidents we have observed recently rely on systems with open RDP ports. The procedure usually looks like this:

1. Search for open RDP ports: The attackers use free scan tools such as Shodan to search the Internet for open RDP ports.
2. Login attempt: The attackers then try to gain access to the system using stolen or blacklisted credentials (usually as an administrator). Brute force tools are particularly popular, which systematically try out all possible character combinations for logging in until the correct user name and password have been found.
3. Deactivating security systems: As soon as the attackers have gained access to the system, they try to weaken the network as much as possible. Depending on the privileges of the hacked account, this can range from deactivating the antivirus software to deleting backups and changing normally locked configuration settings.
4. Delivering the payload: After the security systems have been deactivated and the network is weakened, the payload is delivered. This can include installing ransomware on the network, using keyloggers, spreading spam over the hacked computers, stealing confidential data, or installing back doors for future attacks.

Continue reading HERE
Reply
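Added example, not part of the original post or the quoted article: one way a defender could spot the login-attempt stage described above, by counting failed remote logons per source address in a sliding time window. The simplified comma-separated export format, the sample events, the function name and the threshold are assumptions made for illustration; event IDs 4625/4624 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): simplified export of Security log
# events as time,EventID,LogonType,source IP,target account, in time order.
SAMPLE_EVENTS = """\
2020-07-21T10:00:01,4625,3,203.0.113.7,administrator
2020-07-21T10:00:03,4625,3,203.0.113.7,administrator
2020-07-21T10:00:05,4625,3,203.0.113.7,admin
2020-07-21T10:00:07,4625,3,203.0.113.7,administrator
2020-07-21T10:00:09,4625,3,203.0.113.7,backup
2020-07-21T10:00:11,4625,3,203.0.113.7,administrator
2020-07-21T10:02:30,4625,10,198.51.100.20,jsmith
2020-07-21T10:03:00,4625,2,-,jsmith
2020-07-21T10:06:40,4625,10,198.51.100.20,jsmith
2020-07-21T10:07:10,4624,10,198.51.100.20,jsmith
2020-07-21T10:09:00,4624,10,203.0.113.7,administrator
"""

FAILED_LOGON, SUCCESS_LOGON = "4625", "4624"  # Windows Security event IDs
REMOTE_LOGON_TYPES = {"3", "10"}  # Network (RDP with NLA) and RemoteInteractive

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed remote logons inside window."""
    recent = defaultdict(deque)   # per-IP timestamps of failures still in window
    accounts = defaultdict(set)   # per-IP account names that were tried
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # ignore console and other local logon types
        when = datetime.fromisoformat(ts)
        if event_id == FAILED_LOGON:
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            accounts[ip].add(user.lower())
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {
                    "peak_failures": 0, "accounts": accounts[ip], "success_after": False})
                entry["peak_failures"] = max(entry["peak_failures"], len(q))
        elif event_id == SUCCESS_LOGON and ip in flagged:
            flagged[ip]["success_after"] = True  # a guess may have worked: escalate
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS))
```

A flagged source with `success_after` set is the case to treat as a possible compromise rather than just noise, since the next stages in the list above follow a successful login.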
#2
thanks tarekma7

seems link for another post
Reply
#3
(07-21-2020, 07:38 PM) baziroll Wrote: thanks tarekma7

seems link for another post

I just noticed that, corrected
Reply

