Research by tech firm Vectra has found that 90% of organisations deploying Remote Desktop Protocol (RDP) exhibited RDP attacker behaviour.
The 2019 Spotlight Report explains that RDP is a tool for system administrators which enables them to “control remote systems with the same functionality as if they were accessing it locally.”
“RDP gives an attacker direct access to a system, and when that system uses unsecure passwords and default settings, disaster ensues. Even worse, attackers can disable endpoint protection, thereby circumventing critical security controls as they establish a foothold in the organization. Once this happens, prevention tools are blind to the actions of the cyberattacker.
“There is risk when RDP systems are internet-facing because they can enable a cyberattacker to easily gain access to an organization’s network. Once the bad actor gets in, RDP becomes an even more useful tool.”
The tool has now become an increasingly popular technique for cyberattackers, with several high-profile ransomware attacks, such as Samsam and CrySiS, utilising RDP to move laterally inside of networks.
Researchers used Vectra’s Cognito platform to analyse network traffic between January and June 2019, and found that 26,800 suspicious RDP behaviours had been detected in more than 350 deployments.
It was also identified that manufacturing and finance organisations were the most exposed to malicious RDP behaviours, with the top three industries accounting for half of all RDP detections.
The manufacturing, government and education industries were the three most at-risk industries for RDP recon.
Additionally, Vectra discovered that medium-sized organisations (5,000-25,000 employees) experienced the largest number of RDP detections, with 7 per 10,000 workloads or devices. Larger organisations, with more than 25,000 employees, experienced the fewest RDP detections (4.5 per 10,000 workloads or devices).
It should be noted that larger organisations have much more mature security programs with the proper processes and staff in place, due to larger budgets and better access to tools and resources.
“We observed that the organizations with more than 25,000 employees are more likely to employ a larger staff with dedicated threat hunting, threat intelligence and incident response teams.”
Chris Morales, Vectra’s head of security, told Infosecurity Magazine: “RDP is so widely used in different organizations that a high rate of misuse is inevitable. It’s used in multiple forms of attacks as attackers look to hide from detection.”
“The rate of detection in the six-month period is consistent with what Vectra has monitored over an extended period of time. RDP is a regular occurrence in attacks and a staple tool of the attackers’ toolkit.”