RDP access attacks

RDP (Remote Desktop Protocol) is widely used by organisations to give their employees remote access to internal resources. Recently, the Covid-19 pandemic and the associated health measures led many organisations to adopt RDP. In the rush to do so, they sometimes sacrificed the security that such remote access requires, with serious cyber-security consequences, which partly explains the explosion of cyber-attacks in recent months. Attackers have seen this as a golden opportunity to gain access to the networks of companies using the protocol.

Attackers have several options for carrying out their attacks via RDP. As the protocol is based on simple login/password authentication, some have no hesitation in collecting all the work email addresses and trying to crack the passwords by brute force, which in many cases pays off because the passwords are too weak.
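Seen from the defender's side, the brute-force scenario above leaves a trail of failed logons that can be counted per source address. The following is an added example, not part of the original article: it assumes logon events exported to a CSV layout (timestamp, event ID, logon type, account, source IP), uses constructed sample records, and the threshold and window values are illustrative assumptions. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in an assumed CSV export layout:
# timestamp,event_id,logon_type,account,source_ip
SAMPLE_LOG = """\
2024-03-01T09:00:01,4625,3,j.martin,203.0.113.50
2024-03-01T09:00:04,4625,3,j.martin,203.0.113.50
2024-03-01T09:00:05,4625,10,a.dupont,198.51.100.7
2024-03-01T09:00:09,4625,3,j.martin,203.0.113.50
2024-03-01T09:00:13,4625,3,j.martin,203.0.113.50
2024-03-01T09:00:20,4624,10,a.dupont,198.51.100.7
2024-03-01T09:00:22,4625,3,admin,203.0.113.50
2024-03-01T09:00:30,4625,3,admin,203.0.113.50
2024-03-01T09:01:10,4624,10,admin,203.0.113.50
2024-03-01T09:05:00,4625,10,c.leroy,192.0.2.10
2024-03-01T09:15:00,4625,10,c.leroy,192.0.2.10
"""

# 10 = RemoteInteractive (RDP); 3 = Network, which is what failed RDP
# logons are recorded as when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {"3", "10"}

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(deque)   # source IP -> recent (time, account) failures
    alerts = {}
    for line in log_text.strip().splitlines():
        ts_raw, event_id, logon_type, account, src = line.split(",")
        ts = datetime.fromisoformat(ts_raw)
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":                      # failed logon
            q = recent[src]
            q.append((ts, account))
            while ts - q[0][0] > window:            # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    src, {"max_failures": 0, "accounts": set(), "success_after": []})
                a["max_failures"] = max(a["max_failures"], len(q))
                a["accounts"].update(acct for _, acct in q)
        elif event_id == "4624" and src in alerts:  # success from a flagged source
            alerts[src]["success_after"].append(account)
    return alerts

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A non-empty `success_after` list is the case to escalate first: a source that was already flagged for repeated failures has then logged on successfully.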

What’s more, because RDP generally uses the same port, 3389, an organisation that hasn’t secured this port with a firewall is very vulnerable. It is important to block unauthorised connections and requests on this port to prevent attackers from exploiting it.

Finally, some RDP attacks have been made possible by 0-day vulnerabilities. Although rare, these pose a real threat to organisations using the protocol and, unlike the other two attack vectors, are not the result of a bug or human error on the part of users or administrators. To find out more, read our article on the subject!