RDP (Remote Desktop Protocol) vulnerabilities are still a nightmare for system administrators, even though attackers have been known to exploit RDP weaknesses since 2011. Could this become the same kind of threat as the devastating WannaCry attack of two years ago?
Last year, the criminal groups behind Matrix and SamSam, two of the largest targeted malware campaigns, almost completely abandoned other network intrusion methods and instead used RDP vulnerabilities to launch their attacks.
According to the latest research report, attackers can find Internet-connected devices with RDP enabled almost at any time, and they use RDP weaknesses to attack major enterprises.
According to Matt Boddy, a security expert at Sophos, a recent RDP remote code execution vulnerability called BlueKeep (CVE-2019-0708) has attracted a lot of attention, because it could trigger a global malware outbreak within hours. BlueKeep is only the tip of the iceberg, so preventing RDP attacks takes more than patching the system. IT administrators must pay more attention to how RDP is operated overall, because the research found that cybercriminals use password-guessing attacks to find PCs that have become vulnerable to intrusion through RDP.
The main findings of the research report are:
Hacker behavior analysis:
According to the research results, three characteristic hacker attack patterns are identified: the ram, the swarm and the hedgehog.
Today, more than 3 million devices worldwide are reachable over RDP and have become a focal point of cybercriminals' attacks. These attackers have almost given up on other methods and simply brute-force RDP passwords to break into enterprises. Because every honeypot exposed to the Internet over RDP was discovered by attackers within hours, enterprises must minimize their use of RDP and ensure that password management within the enterprise is effective. They must also tailor their security protocols to withstand relentless cyber attacks, and patch older Windows PCs against the serious vulnerability.
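The password-guessing activity described above shows up on the target as a burst of failed remote-interactive logons from one source. The following detector is an added example written for this article, not Sophos code and not taken from the research report. It assumes a simplified text export of Windows Security events carrying the fields that matter here: event id 4625 (failed logon), logon type 10 (RemoteInteractive, i.e. RDP), the source address and the account name. The log lines are constructed for the example; the threshold and window are illustrative settings.

```python
"""Flag RDP password-guessing sources from failed-logon events (added example).

Assumed input format (constructed for this example, one event per line):
    <ISO timestamp> <event_id> <logon_type> <source_ip> <account>
Event 4625 = failed logon; logon type 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source spraying six accounts in six seconds,
# one legitimate user mistyping a password twice, one SMB (type 3) failure.
SAMPLE_LOG = """\
2019-08-05T03:00:01 4625 10 203.0.113.7 administrator
2019-08-05T03:00:02 4625 10 203.0.113.7 admin
2019-08-05T03:00:03 4625 10 203.0.113.7 user
2019-08-05T03:00:04 4625 10 203.0.113.7 backup
2019-08-05T03:00:05 4625 10 203.0.113.7 test
2019-08-05T03:00:06 4625 10 203.0.113.7 sqladmin
2019-08-05T03:00:09 4624 10 198.51.100.20 jsmith
2019-08-05T03:01:15 4625 10 198.51.100.20 jsmith
2019-08-05T03:02:40 4625 10 198.51.100.20 jsmith
2019-08-05T03:05:00 4625 3 192.0.2.9 svc_share
"""

FAILED_LOGON = "4625"
RDP_LOGON_TYPE = "10"


def parse_event(line):
    """Parse one log line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, event_id, logon_type, src, account = parts
    return {
        "time": datetime.fromisoformat(ts),
        "event_id": event_id,
        "logon_type": logon_type,
        "src": src,
        "account": account.lower(),
    }


def detect_rdp_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: summary} for sources with at least `threshold`
    failed RDP logons inside any sliding window of `window_seconds`.

    Only event 4625 with logon type 10 is counted, so successful logons and
    failures on other logon types (e.g. SMB, type 3) do not inflate the count.
    Events are assumed to be in time order, as an exported log normally is.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    accounts = defaultdict(set)   # src -> distinct account names tried
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        accounts[ev["src"]].add(ev["account"])
        # Evict failures that fell out of the sliding window.
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            # Overwrite so the summary reflects the latest state of the burst.
            alerts[ev["src"]] = {
                "failures_in_window": len(q),
                "distinct_accounts": len(accounts[ev["src"]]),
                "first_seen": q[0],
                "last_seen": ev["time"],
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {info['failures_in_window']} failed RDP logons, "
              f"{info['distinct_accounts']} accounts tried, "
              f"{info['first_seen']:%H:%M:%S} to {info['last_seen']:%H:%M:%S}")
```

The distinct-account count is what separates a spraying attacker from a legitimate user who mistypes a password a few times; in a real deployment the same logic would read the 4625 events from the Security log and feed the alert into whatever blocks or rate-limits the source address.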
Published by Emerson L. Sullivan & last updated on August 5, 2019 3:28 am