Why RDP Vulnerabilities Need Your Attention
With a history of security holes, Remote Desktop Protocol (RDP) is being used more than ever by remote users. How can IT departments manage the risks?
Remote Work Has Changed the IT Landscape
As more employees are forced to work from home due to COVID-19, there is a heightened need for tools and checks to ensure remote devices are properly secured. The current situation has certainly rocked the foundation of how businesses function and how IT departments are able to respond. Not only are there endpoints and servers left on-premises that may be sitting idle, waiting for an attacker to come along, but sending massive fleets home to unknown territory and networks opens up a whole new can of worms.
How RDP Puts You at Risk
A source of vulnerabilities that has been plaguing the industry for over a decade, Remote Desktop Protocol (RDP) is being used more than ever to allow remote workers back into the corporate network.
In late March 2020, after most non-essential businesses were forced to send workers home, search engine Shodan reported a 41.5% spike in “the number of devices exposing RDP to the internet via RDP’s default TCP port 3389.”
This protocol has seen its fair share of security holes and hardship since the beginning. Most notably, 2019 gave rise to a vulnerability known as BlueKeep that could allow attackers to remotely take control of an unpatched connected device. Further, attackers continually rely on brute force attacks to attempt to obtain credentials for accounts that have remote desktop access.
If successful, the attackers can gain access to remote workstations and servers that the accounts are authorized for. Organizations need to adopt adequate security measures to proactively protect themselves when using RDP, as well as other potential attack vectors.
Preventing RDP Exploits and Vulnerabilities
How can IT departments accurately verify that RDP, as well as other potential security holes, is properly secured? The answer is simple: use a vulnerability scanner.
RDP is just one piece of the puzzle (a popular one, no doubt), but there are other flaws to look out for: backdoors, crypto mining, peer-to-peer applications, open ports, SNMP, and even the configured Windows policies. All must be checked routinely for potential misconfiguration or susceptibility. Now that employees are working from the couch with a corporate device, or even their own, the need for heightened security has never been greater.
Tuearis Cyber offers Threat and Vulnerability Management (TVM) services on both a Professional Service and Managed Service basis. We would love to help you hunt vulnerabilities inside your environment and remediate them before they are exploited. Contact us today and REST SECURED.