Microsoft RDP Attacks: Here’s What MSSPs Need to Know
Microsoft Remote Desktop Services give remote users access to a computer over a network and let them control it through a Windows graphical user interface. Remote Desktop Protocol (RDP) lets end users connect remotely to Windows systems, and cybercriminals are increasingly exploiting RDP to launch ransomware attacks, according to British security software company Sophos.
Cybercriminals are using BlueKeep, a “wormable” vulnerability that lets malware self-replicate and spread across the Internet rapidly, to launch RDP attacks. This allows cybercriminals to trigger ransomware outbreaks and compromise RDP servers to invade networks that often consist of millions of Internet-connected RDP servers, Sophos said.
In addition, cybercriminals frequently use password-guessing attacks to probe computers exposed by RDP, Sophos noted. They also select RDP attack targets based on their vulnerability to RDP brute forcing.
How to Combat RDP Attacks
System administrators, cloud computing vendors and Microsoft must work together to address RDP attacks, Sophos stated.
Sysadmins can require strong RDP passwords, as well as set RDP remote access restrictions and account lockout policies. With this approach, sysadmins can minimize the risk of RDP attacks.
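An account lockout policy counts failures per account inside an observation window; the sketch below applies the same threshold-in-window logic per source address, which also catches guessing spread across several accounts. It is an added example, not code from Sophos or Microsoft: the comma-separated event layout, the sample events and the function name detect_rdp_guessing are constructed for illustration, using Windows Security event IDs 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, one event per line: time,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive
# (RDP); type 3 (Network) is how RDP failures are logged when NLA is enabled.
# Type 3 also covers other network logons, so this assumes an RDP-exposed host.
SAMPLE = """\
2019-07-01T02:00:01,4625,3,203.0.113.7,administrator
2019-07-01T02:00:04,4625,3,203.0.113.7,admin
2019-07-01T02:00:09,4625,3,203.0.113.7,administrator
2019-07-01T02:00:15,4625,3,203.0.113.7,backup
2019-07-01T02:00:21,4625,3,203.0.113.7,administrator
2019-07-01T02:00:30,4624,10,203.0.113.7,administrator
2019-07-01T08:58:00,4625,10,198.51.100.20,jsmith
2019-07-01T09:40:00,4625,10,198.51.100.20,jsmith
2019-07-01T09:41:00,4624,10,198.51.100.20,jsmith
2019-07-01T09:45:00,4625,2,-,jsmith
""".splitlines()

def detect_rdp_guessing(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed RDP logons inside a sliding window."""
    recent = defaultdict(deque)      # source_ip -> failure times still in window
    accounts = defaultdict(set)      # source_ip -> accounts it tried
    alerts = {}
    for line in lines:
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type not in ("3", "10"):
            continue                 # console and other non-remote logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            accounts[ip].add(account)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()          # drop failures older than the window
            if len(q) >= threshold:
                alerts.setdefault(ip, {"accounts": accounts[ip], "success_after": None})
        elif event_id == "4624" and ip in alerts:
            # A success from an already flagged source: treat as likely compromise.
            alerts[ip]["success_after"] = account
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_guessing(SAMPLE).items():
        print(ip, sorted(info["accounts"]), "success:", info["success_after"])
```

On the sample, only 203.0.113.7 is flagged, together with the successful logon that followed its failures; the user at 198.51.100.20 who mistyped a password twice, 42 minutes apart, is not.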
Meanwhile, cloud computing vendors may need to modify the default configurations in their standard machine images, Sophos indicated. For example, updating remote administration configurations for cloud instances running Windows could help reduce the number of potential RDP attack targets.
Microsoft also could implement two-factor authentication or other authentication measures to help organizations combat RDP attacks, Sophos pointed out. In doing so, Microsoft could make it difficult for cybercriminals to use password-guessing to launch RDP attacks.