RDP access is too risky to use, IC3 warns

On September 27th, with a public service announcement, the Internet Crime Complaint Center (IC3) has warned businesses and individuals that RDP accesses are being sold on dark markets, and malicious actors can infiltrate the connection between machines and inject malware or ransomware into the remote system.

Possible threats include ransomware attacks such as SamSam, CrySiS and CryptON, and identity compromise and stealing of login credentials.

In March 2018, the SamSam ransomware had infected the city of Atlanta, resulting in loss of access to files, and outages to several online systems and services; and could cost the city about $17 million dollars.

The September 27, 2018, PSA requests businesses and individuals to review their remote administration tools and the remote accesses their networks allow and take necessary steps, which should also include disabling Remote Desktop Protocol if it is not needed. Hackers have developed various methods for identifying and exploiting vulnerable RDP sessions to conduct malicious activities.

The four vulnerabilities in your RDP that attackers could exploit are:

1. Weak passwords that use dictionary words or are easy to crack.
2. Outdated versions of RDP that use CredSSP.
3. Allowing unrestricted access to the default Remore Desktop Protocol port (TCP 3389).
4. Allowing unlimited login attempts to a user account.

Listed below are the recommended practices to mitigate risks resulting from RDP-based attacks. This list includes, though not all, the best practices suggested by the FBI and DHS. For the recommended suggestions visit the IC3 public service announcement.

1. Use two-factor authentication.
2. Apply system and software updates regularly.
3. Maintain a good back-up strategy.
4. Restrict access to servers via RDP by using a gateway or VPNs.
5. Restrict access behind a firewall.
6. Limit users who can use Remote login.
7. Set up maximum number of attempts before locking up an account.

What is RDP?

Remote Desktop Protocol allows an individual to control another computer over the internet. RDP provides the individual with full control over the remote system.