Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to amplify junk traffic as part of DDoS attacks, security company Netscout said.
Not all RDP servers can be abused, only systems where RDP authentication is also enabled on UDP port 3389 in addition to the standard TCP port 3389.
Netscout said attackers can send malformed UDP packets to the UDP ports of RDP servers, which are then reflected to the target of the DDoS attack, resulting in junk traffic hitting the target system.
This is what security researchers call a DDoS amplification factor. It allows attackers with access to limited resources to launch large-scale DDoS attacks by amplifying junk traffic with the help of systems exposed on the Internet.
But the bad news does not end with the amplification factor. Netscout said that attackers have already learned about this new vector.
Netscout is now asking system administrators running RDP servers exposed on the Internet to take the systems offline, switch them to the equivalent TCP port, or place the RDP servers behind a VPN in order to limit who can interact with vulnerable systems.
Currently, Netscout says it detects more than 33,000 RDP servers exposed online running on UDP port 3389.
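For administrators who want to check whether their own RDP servers are being used as reflectors, here is an added example (not from Netscout or the original article) that scans flow records for the pattern described above. The CSV layout, the sample records, the `min_ratio` threshold and the rule that a peer with an accompanying TCP/3389 session is a normal client are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

RDP_PORT = 3389

# Constructed sample flow records (documentation-range IPs), not real traffic.
SAMPLE_FLOWS = """src_ip,src_port,dst_ip,dst_port,proto,bytes
198.51.100.7,50112,192.0.2.10,3389,tcp,48000
198.51.100.7,50113,192.0.2.10,3389,udp,90000
192.0.2.10,3389,198.51.100.7,50113,udp,310000
203.0.113.99,41000,192.0.2.10,3389,udp,1200
192.0.2.10,3389,203.0.113.99,41000,udp,96000
203.0.113.99,41001,192.0.2.10,3389,udp,1100
192.0.2.10,3389,203.0.113.99,41001,udp,91000
"""

def find_reflection_peers(flow_csv, rdp_servers, min_ratio=10.0):
    """Return {(server, peer): out/in byte ratio} for likely reflection targets."""
    udp_in = defaultdict(int)    # bytes peer -> server on UDP/3389
    udp_out = defaultdict(int)   # bytes server UDP/3389 -> peer
    tcp_peers = set()            # (server, peer) pairs that also have a TCP/3389 flow
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, proto = row["src_ip"], row["dst_ip"], row["proto"]
        sport, dport = int(row["src_port"]), int(row["dst_port"])
        nbytes = int(row["bytes"])
        if dst in rdp_servers and dport == RDP_PORT:
            if proto == "tcp":
                tcp_peers.add((dst, src))
            elif proto == "udp":
                udp_in[(dst, src)] += nbytes
        elif src in rdp_servers and sport == RDP_PORT and proto == "udp":
            udp_out[(src, dst)] += nbytes
    suspects = {}
    for pair, out_bytes in udp_out.items():
        if pair in tcp_peers:
            continue  # assumption: UDP alongside a TCP session is a normal client
        # The "peer" here is the spoofed source address, i.e. the DDoS target.
        ratio = out_bytes / max(udp_in[pair], 1)
        if ratio >= min_ratio:
            suspects[pair] = round(ratio, 1)
    return suspects

if __name__ == "__main__":
    hits = find_reflection_peers(SAMPLE_FLOWS, {"192.0.2.10"})
    for (server, peer), ratio in hits.items():
        print(f"{server} sent {ratio}x more UDP/3389 bytes to {peer} than it received")
```

A hit means the listed server is answering UDP/3389 requests whose source address was probably spoofed, which is the case the mitigations above address.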
As of December 2018, five new DDoS amplification sources have been revealed. These include the Constrained Application Protocol (CoAP), Web Services Dynamic Discovery (WS-DD), Apple Remote Management (ARMS), Jenkins servers and Citrix gateways.
According to the FBI, the first four have been used in real attacks.
Source of information: zdnet.com