Security News FBI warns companies about hackers increasingly abusing RDP connections

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.zdnet.com/article/fbi-warns-companies-about-hackers-increasingly-abusing-rdp-connections/
Millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks

In a public service announcement published today by the US Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3), the FBI is warning companies about the dangers of leaving RDP endpoints exposed online. RDP stands for the Remote Desktop Protocol, a proprietary technology developed by Microsoft in the 90s that allows a user to log into a remote computer and interact with its OS via a visual interface that includes mouse and keyboard input --hence the name "remote desktop."
RDP access is rarely enabled on home computers, but it's often turned on for workstations in enterprise networks or for computers located in remote locations, where system administrators need access to, but can't get to in person.
Click to expand...

Together with the Department of Homeland Security, the two agencies have published today the following advice in regards to improving RDP security.
  • Audit your network for systems using RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.
  • Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so. Place any system with an open RDP port behind a firewall and require users to use a Virtual Private Network (VPN) to access it through the firewall.
  • Enable strong passwords and account lockout policies to defend against brute-force attacks.
  • Apply two-factor authentication, where possible.
  • Apply system and software updates regularly.
  • Maintain a good back-up strategy.
  • Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
... ... ...
... ...
Click to expand...
 
  • Like
Reactions: InnoScorpio, In2an3_PpG and harlan4096
You must log in or register to reply here.

Similar threads

Alexandre Ravelli
    • Like
    • Thanks
Serious Discussion Duo Authentication for Windows Logon and RDP
Replies
2
Views
384
Passwords and passkeys
Alexandre Ravelli
Alexandre Ravelli
CyberTech
    • Like
These are the top passwords hackers use against remote access. Time to change yours?
Replies
0
Views
490
News Archive
CyberTech
CyberTech
[correlate]
    • Like
MSSQL Databases Under Fire From FreeWorld Ransomware
Replies
0
Views
783
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top