Are You Still Not Convinced RDP Is A Major Vulnerability?

[itman 1,659]

Kaspersky just released their 2018 Malware Incident Report today. Most notable is the following:

Quote

Adversary attack vectors

The remote management interface of the RDP service was used in the initial attack vector in one out of three incidents. In the majority of cases, an adversary successfully obtained a valid user’s credentials as a result of a brute-force attack on the RDP service. Such an attack usually lasted just a few hours because weak or dictionary passwords were used. In addition, in most cases the same credentials were used for authentication in different systems, so an attacker was able to reuse the usernames and passwords to access additional hosts.

In one third of attacks through remote management interfaces, the valid credentials were known to the intruder in advance (no brute-force attempts were detected). They were probably obtained using social engineering methods or were found on unsecured resources with public access (for example, if an employee used the same password to register on third party resources).

https://securelist.com/incident-response-analytics-report-2018/92732/

Also:

Quote

Yesterday McAfee Labs released a report on the cyber-threat landscape during the first quarter of 2019. Researchers recorded a worrying 118% growth in new ransomware samples, along with innovative changes in the codes and tactics used to execute it.

While spear-phishing remained popular, the ransomware currently going through a resurgence increasingly targets exposed remote access points like Remote Desktop Protocol (RDP).

RDP credentials can be cracked through a brute-force attack or bought in the cyber-criminal underground and then used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks. 

https://www.infosecurity-magazine.com/news/the-great-big-ransomware-revival/

Edited August 29, 2019 by itman