Cyber security: watch out for remote desktops

22.02.2021
Security

During the pandemic, the number of attacks via remote desktop and via the Microsoft Remote Desktop Protocol (RDP) increased. For almost a year now, many of us have been working remotely, which makes it easier for cybercriminals to access sensitive corporate data. How do you protect yourself?

Cisco’s “Defending against critical threats” report shows that, as the way of working has changed, hackers have begun to attack remote desktops and other solutions that enable people to work from home on a massive scale.

Attacks on remote desktop and RDP

These include the Remote Desktop Protocol (RDP), which is used to efficiently connect to a remote computer desktop. RDP is often used by employees in home office mode, as well as personnel who deal with technical support (e.g., a team solving given technical problems). Upon a successful attack on RDP, cybercriminals gain access to the target computer, along with the user’s privileges, data and entry to all folders.

Other types of attacks

Hackers try to steal user credentials during sessions. Then they run man-in-the-middle attacks, which involve a hacker placing malicious tools between a victim and a resource. The resource is most often a website or email program.

Another type of attack is ransomware, which is software that blocks access to a computer system or prevents data from being read. The scale of hackers' operations has changed, and they often treat individual devices as a tool to gain entry into an organization’s network. After they gain access to company data and confidential business information, a ransomware attack is launched. Access to company networks can be purchased on the black market. These are only a small part of the attacks hackers carry out.

Security methods

Extreme caution and action are recommended:

  • secure RDP on the company’s computers,
  • create strong passwords and use multi-level authentication to further validate users’ identities,
  • avoid connecting remote desktops directly to the network; IT administrators should require that RDP be made available only through a corporate VPN,
  • use network level authentication (NLA) and close port 3389 if RDP is not in use,
  • IT admins should pay close attention to attempted false logins appearing in computer system logs, as well as to attempted abnormal connections over RDP.
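
The advice above to watch system logs for failed logins and to allow RDP only through the corporate VPN can be checked against exported Windows logon events. The sketch below is an added example, not part of the original article; the CSV layout, the sample rows, the VPN address pool 10.8.0.0/24 and the function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample of Windows Security log rows exported as CSV.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RDP session;
# 3 = network logon, which is how failed RDP attempts appear when NLA is on.
SAMPLE_CSV = """time,event_id,logon_type,ip,user
2021-02-22T09:00:01,4625,3,203.0.113.7,administrator
2021-02-22T09:00:09,4625,3,203.0.113.7,admin
2021-02-22T09:00:15,4625,3,203.0.113.7,backup
2021-02-22T09:00:22,4625,3,203.0.113.7,administrator
2021-02-22T09:00:30,4625,3,203.0.113.7,svc_sql
2021-02-22T09:05:40,4624,10,10.8.0.21,jkowalski
2021-02-22T11:30:00,4624,10,198.51.100.44,administrator
"""

VPN_NET = ip_network("10.8.0.0/24")  # assumed corporate VPN address pool
RDP_LOGON_TYPES = {"3", "10"}

def load_events(text):
    rows = csv.DictReader(io.StringIO(text))
    return [dict(r, time=datetime.fromisoformat(r["time"])) for r in rows
            if r["logon_type"] in RDP_LOGON_TYPES]

def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with >= threshold failed logons inside any sliding window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == "4625":
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["time"])
        start = 0
        for end, e in enumerate(fails):
            while e["time"] - fails[start]["time"] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({f["user"] for f in fails})
                break
    return flagged

def logons_outside_vpn(events):
    """Successful RDP logons (4624, type 10) whose source is not in the VPN pool."""
    return [(e["ip"], e["user"]) for e in events
            if e["event_id"] == "4624" and e["logon_type"] == "10"
            and ip_address(e["ip"]) not in VPN_NET]
```

On the sample rows, the first function flags the source that tried four different account names within 30 seconds, and the second reports the successful RDP session that did not come through the VPN pool.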