An alert has been published by the Internet Crime Complaint Center (IC3)
in collaboration with the FBI and DHS due to an increasing number of
ransomware and data theft incidents in which Remote Desktop Protocol
(RDP) exploits were the attack vector.
The IC3 is a US agency designed to allow citizens to report
Internet-related criminal activity to the Federal Bureau of
Investigation (FBI) and to help law enforcement agencies use all
submitted information more effectively.
Remote Desktop Protocol (RDP) is a network protocol used by applications
known as remote administration tools (RATs) to allow users to control
computers over the Internet.
Threat actors can use legitimate RATs as an attack vector after
detecting and exploiting vulnerabilities in the apps' coding or by
taking advantage of weak passwords.
As detailed in IC3's report, applications using RDP can be vulnerable to
man-in-the-middle (MITM) attacks because they use flawed CredSSP
encryption, and they can also allow an infinite number of login attempts
and unrestricted access to the RDP port, TCP 3389.
"Computers vulnerable to RDP attacks are an easy target to ransomware attacks"
Besides brute-forcing their way in using password stuffing attacks, bad
actors can also inject malware into a vulnerable system using MITM
techniques. Because RDP does not need actual user input, attackers can
go undetected for long periods of time.
Systems vulnerable to RDP-based exploitation attacks can be targeted by
malicious parties with CRySiS, CryptON, or Samsam ransomware, allowing
the crooks to demand payment for decrypting the data and restoring the
compromised systems to their initial state.
Stolen RDP credentials are also a valuable commodity which is often
auctioned on the Dark Web, together with extensive information on the
location and configuration of the compromised machines.
The IC3 also suggests some measures that can be taken to protect against
RDP attacks, the most important one being the regulation, control, and
close monitoring of RDP apps used for remotely controlling computers.
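As an illustration of the monitoring the alert calls for, the following added example (not part of the IC3 alert or the original article) flags sources that generate bursts of failed RDP logons and marks any that then log in successfully. It assumes logon events have already been exported from the Windows Security log into tuples; the field layout, thresholds, IP addresses and account names are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log event IDs: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how
# RDP attempts are commonly recorded when Network Level Authentication is on.
FAILED, SUCCESS = 4625, 4624
RDP_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"max_failures": n, "success_after_burst": bool}}
    for sources with >= threshold failed logons inside one sliding window."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    findings = {}
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == FAILED:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(src, {"max_failures": 0, "success_after_burst": False})
                f["max_failures"] = max(f["max_failures"], len(q))
        elif event_id == SUCCESS and src in findings:
            # A success from a source that already tripped the threshold
            # suggests a guessed or stuffed credential: highest priority.
            findings[src]["success_after_burst"] = True
    return findings

def _t(s):
    return datetime.strptime(s, "%H:%M:%S")

# Constructed sample events (documentation-range IPs, made-up accounts).
SAMPLE = (
    [(_t(f"10:00:{i*5:02d}"), FAILED, 3, "203.0.113.7", "administrator") for i in range(8)]
    + [(_t("10:01:10"), SUCCESS, 10, "203.0.113.7", "administrator")]
    # A user who mistyped a password twice, then logged in: not flagged.
    + [(_t("10:02:00"), FAILED, 10, "198.51.100.20", "jsmith"),
       (_t("10:02:20"), FAILED, 10, "198.51.100.20", "jsmith"),
       (_t("10:02:40"), SUCCESS, 10, "198.51.100.20", "jsmith")]
    # Slow failures spread over an hour stay under the windowed threshold.
    + [(_t(f"11:{i*10:02d}:00"), FAILED, 3, "192.0.2.55", "backup") for i in range(6)]
)

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```

The third source in the sample is not flagged because its failures are spread out, so a windowed threshold like this one complements, rather than replaces, a limit on login attempts and restricted access to port 3389.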