Cybercriminals are using Microsoft Remote Desktop Protocol (RDP) attacks, and MSSPs must plan accordingly, security software company Sophos says.