![[LOGO] Corvus Insurance by Travelers](https://www.corvusinsurance.com/hubfs/Corvus%20by%20Travelers%20Logos/CORVUS-Travelers-SML-POS-RGB.svg "[LOGO] Corvus Insurance by Travelers")
Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed
Ransomware attacks remained high in Q3 2024 thanks to the RansomHub, PLAY, and LockBit 3.0 ransomware gangs. Check out the full cyber report for more info.
What is RDP and why is it a security concern?
Corvus Threat Intel & Risk Advisory
•
December 12, 2022
Remote Desktop Protocol (RDP) Overview
Remote Desktop Protocol (RDP) is a Windows service that allows users to remotely connect to a Windows machine. More simply, RDP allows someone on remote computer A to login to Windows computer B as if they were physically sitting at the system. Historically, businesses expose RDP to the Internet as a common remote access method to enable their users to remotely access company systems and data. IT consultants also historically leveraged RDP to assist their clients’ systems remotely.
RDP Security Risks
Threat actors commonly target external facing RDP as a primary method of gaining access to an organization’s network. This is done through the use of stolen credentials or brute forcing weak user credentials. Once an initial foothold is accomplished using RDP, threat actors will move undetected in your environment and deploy malware. This often leads to ransomware infections.
Organizations that continue to use RDP expose themselves to an increased likelihood of attack as a large number of threat actors focus efforts on breaking in through that mechanism.
How to Help Clients Secure Their RDP
Corvus recommends that organizations still using Internet accessible RDP to adopt alternative methods of remote access. In limited situations, organizations may be unable to migrate away from RDP to better solutions. In those situations, properly securing RDP is essential. We recommend the following steps to secure RDP:
-
Require multi-factor authentication for all users.
-
Only allow authentication for users who require remote access.
-
Enable and enforce strong RDP configuration including:
-
Complex passwords
-
Account lockouts policies
-
Network Level Authentication (NLA)
-
Restricted Admin Mode
-
-
Only allow RDP connections from trusted sources:
-
Implement an IP address allow list
-
Leverage client side certificates for trusted devices
-
-
Routinely update your Operating System and third-party software and immediately patch critical vulnerabilities.
-
Inform Corvus of the steps taken to secure RDP. We're also here to answer questions about how to resolve an issue.
Alternatives to RDP
With threat actors placing an increased focus on Windows RDP as an initial attack method, many organizations are moving away from RDP and opting for more secure remote access solutions. Here are some alternatives you can consider for RDP. Remember to always use MFA access for any remote access method.
-
Migrate to cloud based services
-
Microsoft Office 365
-
Google Worksuite
-
-
VPN solution
-
Zero Trust Network Access (ZTNA)
-
Cisco
-
Illumio
-
Palo Alto
-
Perimeter81
-
ZScaler
-
-
Where cloud-based services or zero trust network access are not possible, consider, Remote Access and Remote Control Computer Software, such as:
-
LogMeIn
-
TeamViewer
-
AnyDesk
-
Recent Articles
Ransomware attacks remained high in Q3 2024 thanks to the RansomHub, PLAY, and LockBit 3.0 ransomware gangs. Check out the full cyber report for more info.
Q2 Cyber Threat Report: Ransomware Season Arrives Early
In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.
Global IT Meltdown: CrowdStrike Software Update Causes Broad Outages
On July 19, 2024, the world woke up to a massive IT outage caused by cybersecurity firm CrowdStrike that affected numerous industries across the globe.