The FBI and DHS issued a joint warning to consumers and businesses on the increasing use of the Remote Desktop Protocol (RDP) administration tool as an attack vector.

The notice said RDP attacks have been on the rise since 2016 ,with attackers using open RDP ports to take over machines or intercepting RDP sessions and injecting various types of malware into the system being remotely accessed. In other cases computers with RDP software on board have been victimized when attackers used brute-force techniques to gain usernames and passwords.

The two law enforcement agencies said CrySIS, CryptON and SamSam ransomware have all been spread through RDP attacks. CrySiS has mainly been used against U.S. businesses that have computers with open RDP ports. Here attackers use brute-force and dictionary attacks to gain unauthorized remote access and then CrySiS is dropped onto the device and a ransom is demanded.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.