How to effectively combat RDP attacks for secure remote access

Microsoft announced that it detected Zerologin being used in the wild. (Photo by Smith Collection/Gado/Getty Images)

The rise of the coronavirus pandemic has prompted organizations around the world to adopt a work-from-home policy. Analysis from security firm Kaspersky found that this sudden shift has resulted in more than 1.5 million new Remote Desktop Protocol (RDP) network attacks globally. The number of attacks targeting open RDP servers in the United States has tripled since March.

RDP is a Microsoft protocol managed by sys admins that lets users remotely connect to corporate machines, resources and services. Most RDP users gain access by inputting their usernames and passwords. This simple method makes the user’s devices exploitable to brute-force attacks, password guessing and credential stuffing. These different types of attacks depend on a mix of ordinary usernames and passwords or stolen credentials.

The stolen or hacked credentials of businesses or employees are often purchased on the dark web and hacker forums for a mere $10 according to researchers from McAfee. When an RDP network connection gets infiltrated, the attacker can exploit the network with different malware, steal business data and silently move around the network to research and develop more attack points.

In light of the increasing reliance upon RDP and its innate vulnerabilities, here are five tips to combat RDP cyberattacks:

  1. Adopt a strong security policy. By enforcing companywide security policies such as updating credentials periodically, utilizing stronger passwords and logging IP access, companies can better prevent and detect threats, analyze network activity and offer remediation. With a strong security policy in hand, the team will have a more complete battle strategy against RDP attacks, ensuring the security of remote activities.
  2. Take a proactive approach. To prevent RDP exposure inside the organization, create a security policy to handle endpoints and ensure secure access. However, not every policy strategy works for every business. Instead, develop a proactive and customized approach. By creating policies geared for the organization’s endpoints and which limit the amount of RDP user access, security pros can effectively block ports from unauthorized internet access. With the right policies in place, the company’s servers will be more secure moving forward.
  3. Strive for full network visibility. Establish network visibility to accurately fight off potential RDP attacks. By monitoring who and what’s happening in the network, businesses can identify and analyze all remote desktop traffic entering the network. Segmenting access also makes visibility easier. By allowing access only to the resources users need to do their jobs, the IT and security teams get a full, 360-degree view of network activity. With complete visibility, constant monitoring and proper network segmentation, the company can decrease the likelihood of RDP attacks.
  4. Implement secure remote access with MFA. With the help of a secure remote access solution that integrates multi-factor authentication with RDP ports, the IT team can customize user access to each port per access-group -- instead of giving blanket access to everyone. By enforcing user authentication with every RDP login, security teams can decrease or block any brute force attacks on RDP from the get-go.
  5. Enforce user restrictions with the privileged access model. Many remote access solutions like VPNs offer a limited protocol-level classification for user access and thus create the challenge of unfiltered traffic. Implementing strong user restrictions with a privileged access model lets IT teams limit who has secure access to resources, applications and corporate data. In restricting access to remote desktops, security teams can effectively prevent any unauthorized and malicious attackers that have accessed a remote desktop from fully breaching the network.

Adopting these security tips against RDP attacks on the corporate network and servers will help security teams close any holes that malicious actors can remotely infiltrate. As we see more businesses and employees adopt the work-from-home model, RDP connections will continue to increase. Stay ahead of the attackers by blocking any security weak points in the network now, before it's too late.

Amit Bareket, co-founder and CEO, Perimeter 81

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.