What is RDP and why do you care?

You could be using it right now.

RDP stands for ‘Remote Desktop Protocol’. It’s a way to connect to your work computer from outside the building.

But as more people work from home, cyber criminals are working, too — trying to take over your RDP, data and devices.

Watch here:

Working From Home

How do you connect to your work computer from home?

Many people use RDP, or Remote Desktop Protocol, to connect.

And so do crooks.

Research from Kaspersky shows a massive surge of RDP ‘brute force’ — or password guessing — attacks, from about 100,000  per day in January to more than a 500,000 per day in March and April.

A report from Atlas VPN shows RDP attacks in the U.S. rose 330% from February to April.

You can find out if you’re using RDP by checking for the RDP icon, as seen in the images below, in your toolbar or applications folder. Even if you’re not using it, this info can help.

 

Microsoft’s Remote Desktop icon. Image: Microsoft

What Can They Do?

Once they’re in, attackers can launch ransomware, scrambling your files and crippling networks.

An RDP ransomware attack locked up patient files at an Indiana hospital in 2018.

Hancock Health paid almost $50,000 to get the files back.

Attackers can also deploy spyware or a RAT — remote access Trojan — to keep watch over your company’s systems for money and data.

And they can explore the entire network, waiting for the right time to strike.

 

Microsoft Remote Desktop icon for Mac. Image: Apple store

How Do They Get In?

Many attackers use automation to guess your password.

If you use an easy one or reuse passwords from other accounts, you’re giving them easy access.

They can also buy your name and easy password on the dark web from someone who has already done the work to break in.

What Can You Do?

Put a long password on your work accounts, at least 15 characters.

Store your passwords in a password manager.

Use multi-factor authentication —  in other words, more steps to sign in than just a password.

And use a VPN or virtual private network to connect to work.

Security Gaps

Researchers and attackers have found vulnerabilities — or security flaws — in RDP.

In May 2019, Microsoft warned that a serious vulnerability known as BlueKeep could let attackers in, so everyone should update the RDP software to the newest version.

Some cybersecurity professionals joked that RDP stands for “Really DO Patch!” — or update — your systems.

Not everyone did, and attackers used the vulnerability to get in and try mining for cryptocurrency in November 2019.

Experts recommend that companies disable RDP if they are not using it, and if they are using it, be sure to update it, put it behind a firewall and use a VPN.

Not Using RDP?

You may be using a different way to connect to your work computer.

No matter what connection method you use, these steps will help:

—Use long passwords and do not reuse passwords

—Use multi-factor authentication

— Use a VPN

—Update software to latest version

 

See also:

What is encryption?

What is a botnet?

What is Mimikatz?

What is ATO?

What is SIS?

What is an air gap?

What is a PLC?

 

Main image: Dog, woman & laptop. Image: LightFieldStudios/iStock



Leave a Reply