Remote Desktop Protocol or RDP was created by Microsoft to provide a graphical user interface to connect to another computer through the network. The user connects through an RDP client to another computer set up as an RDP server. You can use RDP to securely connect to windows systems. This is very convenient for users logging in remotely or logging into administrative servers.
However, during an RDP attack, cybercriminals exploit unsecured RDP services to get into your company’s network. Many RDP services are not properly protected by robust passwords or multifactor authentication. Unfortunately, that means that many are easy to break into.
Cameron Call with NSA in Las Vegas offers VDI services to healthcare, legal and accounting firms throughout Clark County shares his insights.
Why Has the Number of RDP Attacks Escalated?
With many workers connecting remotely from home during the coronavirus lockdown, cybercriminals have found an easier way to conduct these attacks. Server and network managers sign in remotely to operate critical systems. Many of these accounts go through RDP. When the passwords protecting these accounts are too weak, they are easy to compromise with readily available tools. Once an attacker breaches the RDP credentials, they can access many Windows systems.
- Kaspersky reports that over 1.5 million new RDP attacks have occurred since the lockdown began
- U.S. RDP attacks have tripled since the beginning of the pandemic.
- According to McAfee, hackers are selling credentials on the Dark Web for as little as $10.
How Can You Block RDP Cyberattacks?
These tips can help you avoid a system breach due to RDP attacks:
- Strengthen your security policy. Strong security policies include frequently updating credentials, using strong passwords, and keeping track of IP access. This enables your team to monitor and maintain control of remote activity.
- Be proactive. You need a security policy that handles endpoint access. A customized approach can help you limit RDP user access so security pros can block hackers from trying to obtain unauthorized access.
- Network visibility is another way to fight off RDP attacks. Segmenting access makes it clearer when unauthorized users are attempting to access the system. This gives IT security teams a full view of network activity and provides access to only the systems that employees need to do their jobs.
- Multifactor authentication for RDP ports enables security teams to customize user access by user group instead of providing open access to each person. This helps security teams block brute force attacks by making them easier to recognize.
- Implement a privileged access model. Remote solutions include VPNs that offer classification for each user accessing the system. By integrating user restrictions and a privileged access model, IT teams can segment off sensitive resources to those who really need to access them directly. This can help you protect corporate data and client privacy.
What Are the Best Practices for RDP Use?
There are several things your company can do to prevent RDP attacks from being successful such as the following:
- Judiciously assign RDP access by granting the minimum level needed for individuals to complete their work.
- Encourage VPN use so remote users can access the network free of the risks associated with the internet.
- Flag first-time connections and unusual behavior such as failed logins.
- An RDP gateway server simplifies management tasks such as authentication and authorization.
Use these security tips to thwart hackers looking for easy prey in the form of weak RDP connections. As the work from home model becomes more prevalent and permanent, RDP connections will become an increasing risk, unless you act now to put the proper protocol in place.