What is an RDP Attack?
RDP, or Remote Desktop Protocol, allows anyone who has the appropriate credentials to gain remote access to a device through its RDP port. An RDP attack means an unauthorized person or entity is accessing the network through the device’s RDP ports. The attacker may be an actual person using brute force to break into the RDP port, or an automated tool doing the same. Brute force is the term for guessing user credentials over and over again until one of the guesses grants access.
How Common Are They?
Over the last year, RDP attacks have increased in popularity for one major reason: they carry a significant payday when they succeed. The execution process typically takes a bit longer and is more labor-intensive than alternative hacking methods, but the end result is worth it to the cyber criminals. For instance, LabCorp, a major American lab facility, was hit with ransomware that executed through an RDP attack earlier this summer. The ransomware attack infected thousands of PCs and almost 2,000 servers.
Also, the malware options are limitless when it comes to an RDP attack. Once the hacker has access, they install spyware, keyloggers, cryptojacking software, worms, ransomware, and any other form of malware they’d like.
Staying Protected
The best way to prevent an RDP attack is to disable remote access to your device. Home users can do this by following the instructions below:
- Open your Control Panel
- Access System and Security
- Choose System in the list menu
- Click on the Remote Settings in the left menu
- Remove the check mark from “Allow remote assistance connections to this computer”
- Click Apply
- Click OK
For business users, IT professionals are encouraged to conduct an audit of the RDP ports that are left open. If no adequate rationale can be provided for leaving these ports open, they should be disabled immediately.
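One way to run the audit described above, as an added example that is not PC Matic's code: it probes each endpoint in an inventory with an RDP connection request and flags RDP listeners that have no documented rationale. The inventory entries, addresses and function names are constructed for illustration, and 3389 is the default RDP port.

```python
import socket

# X.224 Connection Request with an RDP Negotiation Request (MS-RDPBCGR).
# An RDP listener answers with an X.224 Connection Confirm (TPDU code 0xD0).
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")

# Constructed inventory: (host, port, documented rationale; "" means none).
SAMPLE_INVENTORY = [
    ("192.0.2.10", 3389, "Jump host used by the server team"),
    ("192.0.2.57", 3389, ""),
]

def is_rdp_reply(reply):
    """True if the bytes are a TPKT packet holding an X.224 Connection Confirm."""
    return len(reply) >= 6 and reply[0] == 0x03 and reply[5] == 0xD0

def probe_rdp(host, port=3389, timeout=3.0):
    """Return 'closed', 'open-not-rdp' or 'rdp' for one TCP endpoint."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:
            reply = b""  # port accepted the connection but did not answer
    return "rdp" if is_rdp_reply(reply) else "open-not-rdp"

def audit(inventory, probe=probe_rdp):
    """Apply the rule from the text: RDP left open without a rationale is disabled."""
    findings = []
    for host, port, rationale in inventory:
        state = probe(host, port)
        if state != "rdp":
            action = "none"      # nothing answering RDP on this endpoint
        elif rationale.strip():
            action = "keep"      # open, but someone has justified it
        else:
            action = "disable"   # open with no rationale on record
        findings.append((host, port, state, action))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Run it only against systems you administer, and replace the sample inventory with your own asset list.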
**PC Matic users: we encourage home users to disable the remote access feature. Oftentimes, home users do not use the remote feature or even know they have it. Therefore, to minimize risk, disable the option so it cannot be exploited. PC Matic MSP and Pro users now have the ability to disable the RDP ports directly from the portal. Our development team is also working on a vulnerability report to provide data on which RDP ports should be disabled.