Adopt a strong security policy. By enforcing companywide security policies such as updating credentials periodically, utilizing stronger passwords and logging IP access, companies can better prevent and detect threats, analyze network activity and offer remediation. With a strong security policy in hand, the team will have a more complete battle strategy against RDP attacks, ensuring the security of remote activities.
Take a proactive approach. To prevent RDP exposure inside the organization, create a security policy to handle endpoints and ensure secure access. However, not every policy strategy works for every business. Instead, develop a proactive and customized approach. By creating policies that are geared to the organization’s endpoints and that limit the amount of RDP user access, security pros can effectively block ports from unauthorized internet access. With the right policies in place, the company’s servers will be more secure moving forward.
Strive for full network visibility. Establish network visibility to accurately fight off potential RDP attacks. By monitoring who is on the network and what is happening in it, businesses can identify and analyze all remote desktop traffic entering the network. Segmenting access also makes visibility easier. By allowing access only to the resources users need to do their jobs, the IT and security teams get a full, 360-degree view of network activity. With complete visibility, constant monitoring and proper network segmentation, the company can decrease the likelihood of RDP attacks.
Implement secure remote access with MFA. With the help of a secure remote access solution that integrates multi-factor authentication with RDP ports, the IT team can customize user access to each port per access group, instead of giving blanket access to everyone. By enforcing user authentication with every RDP login, security teams can decrease or block brute-force attacks on RDP from the get-go.
Enforce user restrictions with the privileged access model. Many remote access solutions like VPNs offer a limited protocol-level classification for user access and thus create the challenge of unfiltered traffic. Implementing strong user restrictions with a privileged access model lets IT teams limit who has secure access to resources, applications and corporate data. By restricting access to remote desktops, security teams can effectively prevent unauthorized and malicious attackers that have accessed a remote desktop from fully breaching the network.
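The tips on logging IP access and on spotting brute-force attempts against RDP can be turned into a concrete detection check. The following is an added example, not code from the original article: it assumes logon events have already been exported from the Windows Security log of RDP hosts into simple tuples, and the sample events, IP addresses, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
# LogonType 10 = RemoteInteractive (RDP); with NLA, failed RDP logons are usually
# recorded as type 3 (Network). Assumption: events come from RDP hosts only.
RDP_LOGON_TYPES = {3, 10}

T0 = datetime(2024, 1, 15, 2, 0, 0)  # constructed start time

def ev(sec, event_id, logon_type, ip, account):
    return (T0 + timedelta(seconds=sec), event_id, logon_type, ip, account)

# Constructed sample events (documentation IP ranges, made-up accounts).
GUESSES = ["administrator", "admin", "backup"] * 2
SAMPLE_EVENTS = (
    [ev(20 * i, FAILED, 3, "203.0.113.7", a) for i, a in enumerate(GUESSES)]
    + [ev(130, SUCCESS, 10, "203.0.113.7", "backup")]
    + [ev(60, FAILED, 3, "198.51.100.20", "jsmith"),      # one typo, then success
       ev(90, SUCCESS, 10, "198.51.100.20", "jsmith")]
    + [ev(3600 * i, FAILED, 3, "192.0.2.50", "svc") for i in range(5)]  # spread out
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window,
    and note whether a successful logon from the same IP followed."""
    recent = defaultdict(list)   # ip -> [(time, account)] failures still in window
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == FAILED:
            recent[ip] = [(t, a) for t, a in recent[ip] if ts - t <= window]
            recent[ip].append((ts, account))
            if len(recent[ip]) >= threshold:
                hit = findings.setdefault(
                    ip, {"failures": 0, "accounts": set(), "success_after": False})
                hit["failures"] = max(hit["failures"], len(recent[ip]))
                hit["accounts"].update(a for _, a in recent[ip])
        elif event_id == SUCCESS and ip in findings:
            findings[ip]["success_after"] = True   # account may be compromised
    return findings

if __name__ == "__main__":
    for ip, hit in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A finding with `success_after` set is the one to triage first: it means a burst of failures from one address ended in a working logon, which is where MFA and tight per-group access limit the damage.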