By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.

The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, has issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol.  While the most publicized attacks over RDP are related to ransomware, attackers also hack into exposed RDP services for corporate theft, installation of backdoors, or as a launching point for other attacks. "Remote administration tools, such as Remote Desktop Protocol (RDP), as an attack vector has been on the rise since mid-late 2016 with the rise of dark markets selling RDP Access," stated the alert from US-Cert. "Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) recommend businesses and private citizens review and understand what remote accesses their networks allow and take steps to reduce the likelihood of compromise, which may include disabling RDP if it is not needed." Because these attacks target entire networks, rather than an individual computer, and carry price tags of $3,000 - $5,000 USD to decrypt a single computer or upwards to $50,000 USD to decrypt an entire network, they tend to be highly publicized. More complete details available on OUR FORUM.