
Remote Desktop Protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389. It provides network access for a remote user over an encrypted channel. Network administrators use RDP to diagnose issues, log in to servers, and perform other remote actions. Remote users use RDP to log in to the organization's network to access email and files.

Cyber threat actors (CTAs) use RDP services that are exposed to the Internet, usually through misconfiguration, to gain network access. They are then in a position to move laterally throughout the network, escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware. This popular attack vector allows CTAs to maintain a low profile, since they are using a legitimate network service and have the same functionality as any other remote user. CTAs use tools such as the Shodan search engine to find Internet-facing RDP ports and then use brute-force password attacks to access vulnerable networks. Compromised RDP credentials are also widely available for sale on dark web marketplaces. Because an attacker's RDP session looks like any other remote user's, detecting this activity relies on the authentication logs (Windows Security Event ID 4625 for failed and 4624 for successful logons, with Logon Type 10 marking RemoteInteractive, i.e. RDP, sessions) rather than on the protocol itself.
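The password-guessing activity described above leaves a distinctive trail: a burst of failed RDP logons from one source address, sometimes followed by a success from the same address. The following is an added example, not code from the original advisory, that runs that detection over a small set of constructed Windows Security event records. The event IDs (4625, 4624) and Logon Type 10 are real Windows values; the simplified JSON record format, the host and IP values, and the threshold and window defaults are assumptions made for the example.

```python
"""Flag RDP brute-force bursts, and successes that follow them, in Windows
Security event records.

Added example (not from the original advisory). Event IDs 4625/4624 and
Logon Type 10 (RemoteInteractive = RDP) are real Windows Security log values;
the JSON record layout and the sample data below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
REMOTE_INTERACTIVE = 10  # Logon Type 10: interactive session over RDP

# Constructed sample records in a simplified one-JSON-object-per-line export.
# First block: a guessing burst from 203.0.113.7 that ends in a success as jsmith.
# Second block: an ordinary user typo followed by a normal logon, and a non-RDP logon.
SAMPLE_EVENTS = """\
{"time": "2023-05-01T02:14:01Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "administrator", "host": "FS01"}
{"time": "2023-05-01T02:14:03Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "admin", "host": "FS01"}
{"time": "2023-05-01T02:14:05Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "backup", "host": "FS01"}
{"time": "2023-05-01T02:14:08Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "helpdesk", "host": "FS01"}
{"time": "2023-05-01T02:14:10Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "jsmith", "host": "FS01"}
{"time": "2023-05-01T02:14:12Z", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.7", "user": "jsmith", "host": "FS01"}
{"time": "2023-05-01T02:14:15Z", "event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.7", "user": "jsmith", "host": "FS01"}
{"time": "2023-05-01T08:02:00Z", "event_id": 4625, "logon_type": 10, "src_ip": "10.0.5.23", "user": "mlee", "host": "FS01"}
{"time": "2023-05-01T08:02:20Z", "event_id": 4624, "logon_type": 10, "src_ip": "10.0.5.23", "user": "mlee", "host": "FS01"}
{"time": "2023-05-01T08:03:00Z", "event_id": 4624, "logon_type": 3, "src_ip": "10.0.5.40", "user": "svc_sql", "host": "FS01"}
"""


def parse_events(text):
    """Parse the JSON-lines export into dicts with timezone-aware timestamps, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    events.sort(key=lambda r: r["time"])
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per (src_ip, host) whose RDP failures reach `threshold`
    within `window`. The verdict is escalated to 'success_after_bruteforce' when an
    RDP logon success from the same source follows the burst."""
    rdp = [e for e in events if e["logon_type"] == REMOTE_INTERACTIVE]
    failures = defaultdict(list)
    for e in rdp:
        if e["event_id"] == FAILED_LOGON:
            failures[(e["src_ip"], e["host"])].append(e["time"])

    findings = []
    for (src_ip, host), times in failures.items():
        # Sliding window over the sorted failure timestamps for this source/host pair.
        start = 0
        burst_end = None
        for i, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if i - start + 1 >= threshold:
                burst_end = t  # moment the threshold was crossed
                break
        if burst_end is None:
            continue
        success = next(
            (e for e in rdp
             if e["event_id"] == SUCCESSFUL_LOGON
             and e["src_ip"] == src_ip and e["host"] == host
             and e["time"] >= burst_end),
            None,
        )
        findings.append({
            "src_ip": src_ip,
            "host": host,
            "failures": len(times),
            "verdict": "success_after_bruteforce" if success else "bruteforce",
            "compromised_user": success["user"] if success else None,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

On the sample data the single finding is the 203.0.113.7 burst escalated to `success_after_bruteforce` for user `jsmith`; the lone failure from 10.0.5.23 stays below the threshold and the Logon Type 3 event is ignored. One caveat for production use: when Network Level Authentication is enabled, failed RDP attempts are commonly recorded as Logon Type 3 (the pre-session credential check) rather than Type 10, so a real rule should correlate on the source address and the RDP listener rather than on Logon Type 10 alone.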
