RDP Attacks targeting Remote Desk Protocol continue post-pandemic as remote work continues
Windows RDP proved to be a hot target for cybercrime during the pandemic. In the first quarter of 2020 as the pandemic took hold, attacks on RDP began to increase at an alarming rate. Kaspersky reported a 197% increase, according to researchers. In 2021 as more employees continue their remote work, RDP continues to be a target. RDP security proves to be important for organizations.
A Hot Target
A Hot Target
RDP is Microsoft’s proprietary protocol for enabling remote work across Windows servers. Many organizations use this popular remote access protocol. While RDP is very useful for enterprises, it has a large attack surface.
With its wide use, it became a popular target for bad actors during the pandemic. Once enterprises made their RDP services available, cybercriminals took note. These bad actors used RDP to amplify their efforts. They also used malware to spot vulnerabilities. These vulnerabilities can open enterprises up to serious damage.
System Vulnerabilities
System Vulnerabilities
System Vulnerabilities
System Vulnerabilities
RDP must function with certain privileges to operate a machine for its user. Because of this, bad actors will inherit those privileges if they can get in.
Past vulnerabilities with RDP include BlueKeep and DejaBlue, which appeared in 2019. These allowed bad actors to bypass authorization and execute code on the server. Patches were created and made available. But, these patches don’t prevent new vulnerabilities from happening.
Patches are not always immediately available, either. This means that organizations should practice preparation and RDP security. This will help prevent attacks before they start.
Solutions for Enterprises
Solutions for Enterprises
Solutions for Enterprises
Solutions for Enterprises
There are steps enterprises can take to help protect their RDP servers. In order to implement RDP security, they should:
- Direct access should not be granted to an RDP server
- Access should be behind a separate service with limited privileges
- Employees should create complex passwords
- Use a corporate VPN for access to RDP
- Enable 2-factor authentication
The caveat with VPNs is that they can be difficult to manage and scale. This may be unsustainable for companies, especially with remote work continuing.
There are steps enterprises can take to help protect their RDP servers:
- Direct access should not be granted to an RDP server
- Access should be behind a separate service with limited privileges
- Employees should create complex passwords
- Use a corporate VPN for access to RDP
- Enable 2-factor authentication
The caveat with VPNs is that they can be difficult to manage and scale. This may be unsustainable for companies, especially with remote work continuing.
Moving Forward in a Remote World
Moving Forward in a Remote World
Since RDP has become a target for cybercriminals, it’s unlikely that attacks will stop. More employees continue to work remotely. Enterprises need to practice awareness and adopt solutions to protect themselves from attacks.
Solutions include consistent patching and placing RDP behind a secure gateway. Enterprises should also allow only the least privilege necessary. Employees should make sure to create complex passwords and enable 2-factor authentication.
With these security measures in place, enterprises can reduce their risk of attacks. If organizations put in place these practices, RDP attacks may slow down.
Leave A Comment