Monday, January 18, 20:58

How dangerous and frequent is an attack on RDP-enabled computers?

How long does an internet-exposed, RDP-enabled computer stay untouched before someone attacks it? In some cases, a few minutes. In most, less than 24 hours.

The problem with RDP (Remote Desktop Protocol)

"In recent years, criminals behind targeted ransomware such as BitPaymer, Ryuk, Matrix and SamSam have almost completely abandoned other hacking methods in favor of using RDP," say Sophos researchers Matt Boddy, Ben Jones and Mark Stockley.


Attackers can brute-force passwords themselves with tools such as NLBrute, buy passwords that others have already cracked, or simply buy access to RDP servers that have already been compromised.

To gauge how many attacks internet-facing RDP servers face each day, the researchers deployed ten geographically dispersed Amazon EC2 instances running Windows Server 2019 with RDP enabled, each protected by a "prohibitively strong password".

The first of them was hit by an RDP brute-force attempt one minute and 24 seconds after coming online. Over the month, the ten honeypots recorded a total of 4,298,513 failed login attempts.


Some attackers went straight for administrator accounts, while others targeted low-privilege accounts in the hope that their passwords would be easier to guess. To keep a low profile, some escalated slowly, throttling or stepping up the rate of their attempts as they went.

Another interesting finding of the research: attackers do not rely on Shodan, the search engine that indexes internet-connected devices, to identify potential targets. The honeypots were being attacked before Shodan had even indexed them.
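The research above describes two very different attacker profiles: noisy brute force and deliberately throttled guessing. The following PowerShell is an added example, not code from the article or from the Sophos researchers, showing how a defender would tell the two apart from Windows Security-log failed logons (event ID 4625). The thresholds, the function name and the sample records are constructed for the demonstration; the Get-WinEvent query in the trailing comment is what you would feed it on a real host.

```powershell
# Added example (not from the original article or the Sophos paper):
# groups failed logons by source address and labels each source as fast
# brute force, "low and slow" guessing, or background noise.
function Get-RdpBruteForceSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # TimeCreated, IpAddress, TargetUserName, LogonType
        [int] $FastThreshold     = 20,              # this many failures inside one window = brute force
        [int] $FastWindowMinutes = 5,
        [int] $SlowThreshold     = 10               # this many failures spread over > 1 hour = low and slow
    )

    $Events |
        # LogonType 10 = RemoteInteractive (RDP without NLA). With NLA enabled the
        # credential check happens before the session exists and is logged as
        # type 3 (Network), so a real RDP detection must include both.
        Where-Object { $_.LogonType -in @(3, 10) } |
        Group-Object IpAddress |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeCreated)
            $span   = ($sorted[-1].TimeCreated - $sorted[0].TimeCreated).TotalMinutes

            # Peak number of failures inside any sliding window of $FastWindowMinutes.
            $peak = 0
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $windowEnd = $sorted[$i].TimeCreated.AddMinutes($FastWindowMinutes)
                $inWindow  = @($sorted[$i..($sorted.Count - 1)] | Where-Object { $_.TimeCreated -le $windowEnd }).Count
                if ($inWindow -gt $peak) { $peak = $inWindow }
            }

            $verdict = if ($peak -ge $FastThreshold) { 'fast brute force' }
                       elseif ($sorted.Count -ge $SlowThreshold -and $span -gt 60) { 'low and slow' }
                       else { 'below threshold' }

            [pscustomobject]@{
                SourceIp      = $_.Name
                Failures      = $sorted.Count
                DistinctUsers = @($sorted.TargetUserName | Sort-Object -Unique).Count
                SpanMinutes   = [math]::Round($span, 1)
                PeakInWindow  = $peak
                Verdict       = $verdict
            }
        }
}

# Constructed sample data (RFC 5737 documentation addresses, not real attackers):
# one source hammering "administrator" every 3 seconds, one trying a different
# low-privilege account every 45 minutes, and one single failure that is probably a typo.
$base   = Get-Date '2019-07-01T00:00:00'
$sample = @(
    1..50 | ForEach-Object { [pscustomobject]@{ TimeCreated = $base.AddSeconds($_ * 3);  IpAddress = '198.51.100.7'; TargetUserName = 'administrator'; LogonType = 10 } }
    1..12 | ForEach-Object { [pscustomobject]@{ TimeCreated = $base.AddMinutes($_ * 45); IpAddress = '203.0.113.44'; TargetUserName = "user$_";        LogonType = 3  } }
    [pscustomobject]@{ TimeCreated = $base.AddHours(2); IpAddress = '192.0.2.10'; TargetUserName = 'jsmith'; LogonType = 10 }
)

Get-RdpBruteForceSummary -Events $sample | Format-Table -AutoSize

# On a real server (elevated shell), replace $sample with the last 24 hours of 4625 events:
# $real = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) } |
#     ForEach-Object {
#         $d = @{}; ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#         [pscustomobject]@{ TimeCreated = $_.TimeCreated; IpAddress = $d.IpAddress; TargetUserName = $d.TargetUserName; LogonType = [int]$d.LogonType }
#     }
# Get-RdpBruteForceSummary -Events $real
```

The sliding-window count catches the attacker who makes 50 attempts in two and a half minutes; the span check catches the one who spreads a dozen attempts across nine hours and would slip under any per-minute rate limit, which is exactly the throttled behaviour the researchers observed. Note the LogonType caveat: a detection keyed only on type 10 goes blind the moment Network Level Authentication is turned on.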

Reducing the RDP password brute-forcing risk

Remote Desktop Services, which is built on RDP, is a useful technology that lets administrators reach and interact with computers on remote networks or in the cloud.

Two months ago, Microsoft warned about CVE-2019-0708 (also known as BlueKeep), a wormable, pre-authentication remote code execution flaw in Remote Desktop Services that was expected to be widely exploited.


Although security experts believe that state-sponsored hacking groups are already using BlueKeep for quiet intrusions, mass exploitation has not yet materialized.

Inadequately secured RDP servers, however, are an easy target for cybercriminals, who routinely use them as a foothold from which to spread malware (usually ransomware) across the victim's network.

RDP brute-force

Although the defence against RDP password brute-forcing seems as simple as choosing a long, strong password, the researchers are skeptical that this alone is enough, and point to changes that vendors and administrators can make:

  • Microsoft could make two-factor authentication mandatory, or switch to another form of authentication (e.g. public-key authentication).
  • Cloud providers could offer servers with an alternative form of remote management or authentication.
  • Until that happens, administrators can mitigate the risk by enabling multi-factor authentication.
  • Finally, if RDP is not needed, it should be disabled. Where it is needed, it should be reachable only over a virtual private network (VPN).
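The list above is what the researchers recommend; the script below is an added example of applying the host-side parts of it on a Windows Server, not code from the article or from Sophos. It uses only built-in cmdlets, the stock registry paths that control Remote Desktop, and the `net accounts` / `auditpol` tools. The function name and the VPN range 10.8.0.0/24 are assumptions for the demonstration; run it from an elevated PowerShell.

```powershell
# Added example (not from the original article): host-side RDP hardening.
# Either switch RDP off entirely, or keep it but accept connections only from
# the VPN range, require Network Level Authentication, and lock out guessers.
function Invoke-RdpHardening {
    param(
        [switch] $Disable,                        # RDP not needed: turn it off
        [string] $AllowedSubnet = '10.8.0.0/24'   # RDP needed: assumed VPN client range
    )

    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # 1. Report the current state. fDenyTSConnections = 1 means RDP is off.
    $denied = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    Write-Host ('RDP is currently {0}' -f $(if ($denied -eq 1) { 'disabled' } else { 'ENABLED' }))

    if ($Disable) {
        Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        Write-Host 'RDP disabled and its inbound firewall rules turned off.'
        return
    }

    # 2. Require Network Level Authentication (credentials are checked before a
    #    session is created) and the TLS security layer instead of legacy RDP encryption.
    Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1
    Set-ItemProperty -Path $tcp -Name SecurityLayer      -Value 2

    # 3. Accept RDP only from the VPN range. Everything else is dropped before it
    #    can attempt a single password, which is the point of "VPN only".
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -RemoteAddress $AllowedSubnet

    # 4. Slow down whatever still gets through: lock an account for 30 minutes
    #    after 5 failures, and make sure failed logons (event 4625) are audited
    #    so the attempts are visible at all.
    net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null
    auditpol /set /subcategory:"Logon" /failure:enable | Out-Null

    # 5. Review who may log on remotely; administrators do not need this group,
    #    and every extra member is another password to guess.
    Write-Host 'Members of Remote Desktop Users:'
    Get-LocalGroupMember -Group 'Remote Desktop Users' | Select-Object Name, ObjectClass

    # Multi-factor authentication cannot be switched on from here: it needs an
    # MFA-capable credential provider on the host, or a gateway with an MFA-backed
    # authentication policy in front of it. Treat this script as the baseline
    # that MFA sits on top of, not as a replacement for it.
}

# Usage:
#   Invoke-RdpHardening -Disable                       # the server does not need RDP
#   Invoke-RdpHardening -AllowedSubnet '10.8.0.0/24'   # keep RDP, VPN clients only
```

Two caveats a practitioner should keep in mind. NLA does not stop password guessing, it only moves the failure earlier and changes how it is logged, so the firewall restriction is the control that actually removes the server from the honeypot-style exposure the research measured. And the lockout values trade brute-force resistance against denial of service: an attacker who can reach the service can lock out legitimate accounts, which is one more reason to keep the service off the public internet in the first place.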

