FBI issues cyber attack alert on Remote Desktop Protocol

The US Federal Bureau of Investigation and the Department of Homeland Security issues cyber-attack alerts, primarily related to the disclosure of RDP Remote Desktop Protocol.

Previously, security companies found that the underground hacking forum was selling RDP protocol connection credentials, and the credentials of many critical public facilities were only a few dollars.

Anyone who pays for RDP connection credentials can control the corresponding server, including the hospital or even the airport’s control server credentials.

Launch multiple attacks with the RDP protocol:

RDP protocol attacks are currently the most popular to install ransomware for profit, but hackers and buyers also want to maximize their interests.

Therefore, hackers will use the RDP protocol to enter the enterprise intranet to steal data and even insert backdoors, so that confidential data can be continuously stolen through the back door.

There are also hackers found to use the purchased RDP as a springboard to attack other network facilities. For hackers, this kind of attack is not necessary.

Why is the RDP credential leak so serious:

The RDP Remote Desktop Protocol allows users to connect to other devices remotely, as long as they have an account password to connect and have full control over the target device.

That is to say; if you purchase the RDP protocol and log in to those target devices, it is not difficult to install the virus or install the backdoor program.

Compared to the way through vulnerabilities or malicious script attacks, there is no threshold for purchasing RDP protocol credentials to attack, and there is no need for buyers to master hacking techniques.

What methods should be used to protect the RDP protocol:

1. The use of high-intensity passwords is a must: There are many hacker-created robots on the network continually scanning ports using weak passwords for guessing and blasting logins.

If you use weak passwords, then there is no doubt that hacking is only a matter of time, so the RDP protocol must use high-intensity password exponentials to increase the difficulty of blasting.

2. Do not use the default 3389 port: Online robots attempting to scan and blast all need to log in and guess through the default 3389 port.

If you change the default 3389 port to something else, it is not convenient for the hacker to know which port to use for each port.

3. Regularly installing updates is also a must: Microsoft releases cumulative updates for operating system products every month to fix known or potential security vulnerabilities.

Therefore, the use of the RDP protocol must also be regularly updated to fix the vulnerabilities, to avoid the use of hackers to steal your account connection credentials due to weaknesses.

4. Avoid exposing the device to the public network as much as possible: If the hacker cannot connect directly to your server, then even if there are RDP credentials, it will not log in regularly.

Therefore, devices that use RDP for security should be exposed to the public network, such as enabling VXN tunnel login or enabling the firewall to block illegal connections.

5. It is a good practice to configure 2-step verification: Microsoft’s RDP protocol now supports 2-step verification, even if the password is leaked, it is not afraid to be logged in by others.

6. Configure the login lockout policy to block hacker scanning: When a hacker scans and blasts, it will generate many failed logins. At this time, the system will automatically block the corresponding IP.

Therefore, after the lock, the hacker can’t continue to try to blast in a short time, so the locking strategy is naturally beneficial to improve the security of the RDP protocol.