RDP Exposed: The Wolves Already at Your Door

upnorth

Jul 27, 2015
For the last two months the infosec world has been waiting to see if and when criminals will successfully exploit CVE-2019-0708, the remote, wormable vulnerability in Microsoft’s RDP (Remote Desktop Protocol), better known as BlueKeep.

The expectation is that sooner or later a BlueKeep exploit will be used to power some self-replicating malware that spreads around the world (and through the networks it penetrates) in a flash, using vulnerable RDP servers. In other words, everyone is expecting something spectacular, in the worst possible way. But while companies race to ensure they’re patched, criminals around the world are already abusing RDP successfully every day, in a different, no less devastating but much less spectacular way. Many of the millions of RDP servers connected to the internet are protected by no more than a username and password, and many of those passwords are bad enough to be guessed, with a little (sometimes very little) persistence. Correctly guess a password on one of those millions of computers and you’re in to somebody’s network.

RDP password guessing shouldn’t be a problem – it isn’t new, and it isn’t particularly sophisticated – and yet it underpins an entire criminal ecosystem. In theory, all it takes to solve the RDP problem is for all users to avoid really bad passwords. But the evidence is they won’t, and it isn’t reasonable to expect they will. The number of RDP servers vulnerable to brute force attacks isn’t going to be reduced by a sudden and dramatic improvement in users’ password choices, so it’s up to sysadmins to fix the problem.

While there are a number of things that administrators can do to harden RDP servers, most notably two-factor authentication, the best protection against the dual threat of password guessing and vulnerabilities like BlueKeep is simply to take RDP off the internet. Switch off RDP where it isn’t absolutely necessary, or make it accessible only via a VPN (Virtual Private Network) if it is.
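The password-guessing pattern the post describes leaves a very recognisable trail in the Windows Security log: bursts of failed logons (Event ID 4625) from one source address, often cycling through many account names, occasionally followed by a success (Event ID 4624) from the same address. The following Python is an added example, not code from the post or from the quoted article, showing how a defender can run that detection over log records before deciding which exposed RDP servers to pull off the internet first. The event IDs and logon types are real Windows values; the sample records, thresholds and function names are constructed for illustration.

```python
"""Detect RDP password guessing in Windows Security log records.

Added example, not from the original post. Assumes each record carries a
timestamp, event ID, logon type, source address and target account, as the
Windows 4625/4624 events do. The records below are constructed samples.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, target_user)
SAMPLE_EVENTS = [
    ("2019-07-17T10:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2019-07-17T10:00:03", 4625, 10, "203.0.113.7", "administrator"),
    ("2019-07-17T10:00:05", 4625, 10, "203.0.113.7", "admin"),
    ("2019-07-17T10:00:07", 4625, 10, "203.0.113.7", "backup"),
    ("2019-07-17T10:00:09", 4625, 10, "203.0.113.7", "scanner"),
    ("2019-07-17T10:00:11", 4625, 10, "203.0.113.7", "test"),
    ("2019-07-17T10:00:20", 4624, 10, "203.0.113.7", "backup"),   # success right after the burst
    ("2019-07-17T10:01:00", 4625, 10, "198.51.100.2", "jsmith"),  # isolated typo, no alert
    ("2019-07-17T10:05:00", 4625, 2, "-", "jsmith"),              # console logon, not RDP
    ("2019-07-17T10:30:00", 4625, 10, "198.51.100.2", "jsmith"),
]

# Logon type 10 is RemoteInteractive (classic RDP); with Network Level
# Authentication enabled, failed RDP attempts are recorded as type 3 instead.
RDP_LOGON_TYPES = {10, 3}
FAIL_THRESHOLD = 5                  # failures from one source inside WINDOW
USER_THRESHOLD = 4                  # distinct accounts tried from one source inside WINDOW
WINDOW = timedelta(seconds=60)


def detect_rdp_guessing(events, fail_threshold=FAIL_THRESHOLD,
                        user_threshold=USER_THRESHOLD, window=WINDOW):
    """Return alerts as (rule, source_ip, timestamp) in the order they fire.

    Rules (each fires once per source address):
      brute_force            - at least fail_threshold failed RDP logons inside window
      password_spray         - at least user_threshold distinct accounts inside window
      success_after_guessing - a successful RDP logon while a flagged source still
                               has failures inside the window (likely compromise)
    """
    alerts = []
    fired = set()
    # Per-source sliding window of recent failed attempts: (time, user)
    recent = defaultdict(deque)

    for ts, event_id, logon_type, src, user in sorted(events, key=lambda e: e[0]):
        if logon_type not in RDP_LOGON_TYPES or src == "-":
            continue                       # ignore console/service logons
        now = datetime.fromisoformat(ts)
        window_q = recent[src]
        while window_q and now - window_q[0][0] > window:
            window_q.popleft()             # drop failures older than the window

        if event_id == 4625:
            window_q.append((now, user))
            if len(window_q) >= fail_threshold and ("brute_force", src) not in fired:
                fired.add(("brute_force", src))
                alerts.append(("brute_force", src, ts))
            distinct_users = {u for _, u in window_q}
            if len(distinct_users) >= user_threshold and ("password_spray", src) not in fired:
                fired.add(("password_spray", src))
                alerts.append(("password_spray", src, ts))

        elif event_id == 4624:
            flagged = ("brute_force", src) in fired or ("password_spray", src) in fired
            if flagged and window_q and ("success_after_guessing", src) not in fired:
                fired.add(("success_after_guessing", src))
                alerts.append(("success_after_guessing", src, ts))

    return alerts


if __name__ == "__main__":
    for rule, src, ts in detect_rdp_guessing(SAMPLE_EVENTS):
        print(f"{ts}  {rule:24s} source={src}")
```

The thresholds are deliberately low so the constructed sample trips them; on a real log the window and counts should be tuned to the server's legitimate traffic, and the `success_after_guessing` alert is the one worth paging on, since it means a guessed password has already worked.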