How do I describe an RDP Attack to my clients?
Remote Desktop Protocol (RDP) allows one computer to connect to another computer or a network without direct contact. A Remote Desktop Protocol attack is a type of data breach that occurs via a user’s remote desktop protocol. Brute-forcing is a method attackers use to take over accounts. Usually automated with the help of a software tool, brute-force attacks involve submitting many passwords in a row until the right one is “guessed”.
Why is Microsoft’s action good news?
Previously, there was no timeout for multiple failed attempts at logging on. In new builds, accounts automatically lock for 10 minutes after 10 invalid sign-in attempts. This feature was present in previous versions but was not enabled by default. This is a step in the right direction.
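To show clients what the new default changes, here is a small model of the lockout rule described above. It is an added example, not Microsoft's code. It assumes one automated wrong guess arrives every second and ignores Windows' separate counter-reset window; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int = 10    # invalid sign-in attempts before the lock (from the text)
    duration_s: int = 600  # the lock lasts 10 minutes (from the text)


class Account:
    """Simplified account model: no separate 'reset failure counter' window."""

    def __init__(self, policy: Optional[LockoutPolicy]):
        self.policy = policy  # None models the old default: lockout not enabled
        self.failures = 0
        self.locked_until: Optional[int] = None

    def attempt(self, now: int, password_ok: bool) -> str:
        """Return 'locked', 'success' or 'failure' for a sign-in at time `now` (seconds)."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"  # rejected without the password being checked
            self.locked_until, self.failures = None, 0  # lock has expired
        if password_ok:
            self.failures = 0
            return "success"
        self.failures += 1
        if self.policy is not None and self.failures >= self.policy.threshold:
            self.locked_until = now + self.policy.duration_s
        return "failure"


def evaluated_guesses(policy: Optional[LockoutPolicy], seconds: int) -> int:
    """Count wrong guesses the server actually checks, at one guess per second."""
    account = Account(policy)
    results = [account.attempt(t, password_ok=False) for t in range(seconds)]
    return results.count("failure")


if __name__ == "__main__":
    hour = 3600
    print("lockout disabled  :", evaluated_guesses(None, hour), "guesses checked per hour")
    print("10 tries / 10 min :", evaluated_guesses(LockoutPolicy(), hour), "guesses checked per hour")
```

The model also shows the trade-off to mention to clients: while the account is locked, a sign-in with the correct password is rejected as well.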
Points to emphasize with your clients:
1. The easiest method to prevent RDP attacks is to not expose the port to the internet. If external connections are required, they should be made through a virtual private network (VPN).
2. If an RDP port must be exposed to the internet, it should be protected with multi-factor authentication (MFA).
Additionally, an organization could use just-in-time tokens. These are temporarily generated tokens that provide access to a resource at a specific point in time. After they expire they are useless, so a compromised token is only a risk until it expires.
Please let our team know if you’d like to help your clients boost their digital risk management and I can connect you with our Hackbusters advisory team.