The Internet Crime Complaint Center (IC3), the FBI and the DHS issued a Public Service Announcement on September 27th detailing increased exploitation of the Remote Desktop Protocol (RDP) in connection with malicious cyber activities. RDP is a proprietary network protocol developed by Microsoft that allows an individual to gain control of computer resources and data over the Internet. RDP provides total control over a remote machine, and intrusions can be difficult to detect. If not properly secured, RDP can be used to steal confidential or sensitive information, compromise identities, install backdoors or launching points for attacks, and infect devices and systems with malware, including ransomware.
To protect against RDP attacks, the FBI and the DHS offer the following recommendations:
- Implement/require strong passwords and account lockout policies.
- Enable multi-factor authentication whenever possible. For more information on NYU MFA, please see http://www.nyu.edu/it/mfa.
- Keep systems and software fully updated/patched.
- Limit network exposure for all control system devices.
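To make the lockout recommendation and the "difficult to detect" point concrete, the following added example (not part of the FBI/DHS announcement or NYU's own material) scans exported Windows Security events for bursts of failed RDP logons per source IP and for a successful RDP logon that follows such a burst. The event records, the JSON-lines export shape, and the threshold and window values are constructed assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): Windows Security events exported as JSON lines.
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive (RDP);
# LogonType 3 = Network, which is how failed RDP logons appear when NLA is enabled.
SAMPLE_EVENTS = """
{"TimeCreated":"2024-01-15T02:00:05","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.7","TargetUserName":"administrator"}
{"TimeCreated":"2024-01-15T02:00:40","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.7","TargetUserName":"admin"}
{"TimeCreated":"2024-01-15T02:01:10","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.7","TargetUserName":"administrator"}
{"TimeCreated":"2024-01-15T02:01:30","EventID":4625,"LogonType":10,"IpAddress":"198.51.100.20","TargetUserName":"jsmith"}
{"TimeCreated":"2024-01-15T02:01:55","EventID":4624,"LogonType":10,"IpAddress":"198.51.100.20","TargetUserName":"jsmith"}
{"TimeCreated":"2024-01-15T02:02:20","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.7","TargetUserName":"backup"}
{"TimeCreated":"2024-01-15T02:03:02","EventID":4625,"LogonType":3,"IpAddress":"203.0.113.7","TargetUserName":"administrator"}
{"TimeCreated":"2024-01-15T02:03:45","EventID":4624,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"administrator"}
""".strip().splitlines()

THRESHOLD = 5                    # assumption: set equal to the account lockout threshold
WINDOW = timedelta(minutes=10)   # assumption: set equal to the lockout counter window

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Flag failed-logon bursts per source IP, and an RDP success that follows a burst."""
    failures = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    bursting = set()               # source IPs currently at or above the threshold
    alerts = []
    for line in lines:
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["TimeCreated"])
        ip, user = ev["IpAddress"], ev["TargetUserName"]
        recent = failures[ip]
        while recent and ts - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if len(recent) < threshold:
            bursting.discard(ip)
        if ev["EventID"] == 4625 and ev["LogonType"] in (3, 10):
            recent.append(ts)
            if len(recent) >= threshold and ip not in bursting:
                bursting.add(ip)
                alerts.append(("FAILED_LOGON_BURST", ip, user))
        elif ev["EventID"] == 4624 and ev["LogonType"] == 10 and ip in bursting:
            alerts.append(("SUCCESS_AFTER_BURST", ip, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Counting failures per source IP rather than per account catches guessing spread across several usernames, which a per-account lockout counter alone does not see.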
You may also want to review:
- the above-referenced Public Service Announcement for additional information on reducing risks associated with RDP.
- the NJCCIC threat analysis, "Remote Access: Open Ports Create Targets of Opportunity, Undue Risk."