FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities.

Remote Desktop Protocol (RDP) is a widely adopted protocol for remote administration, but it could dramatically enlarge the attack surface if it isn’t properly managed.

The FBI Internet Crime Complaint Center (IC3) and the DHS issued a joint alert to highlight the rise of RDP as an attack vector.

Attackers are exploiting this feature to access systems to deploy malware such as the SamSam ransomware.

“Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information.” reads the alert issued by IC3.

“The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) recommend businesses and private citizens review and understand what remote accesses their networks allow and take steps to reduce the likelihood of compromise, which may include disabling RDP if it is not needed.”

Attackers can “infiltrate the connection” between the local and the remote machines and inject malware into the remote system. Experts warn that attacks using the Remote Desktop Protocol do not require user input, this makes intrusions difficult to detect.

The IC3 warns of the following vulnerabilities:

Weak passwords
Outdated versions of RDP may use flawed CredSSP that opens to man-in-the-middle attack.
Allowing unrestricted access to the default Remote Desktop Protocol port (TCP 3389).
Allowing unlimited login attempts to a user account.

The alert includes the audit of network for systems using RDP for remote communication, limiting the use of the Remote Desktop Protocol, keeping systems up to date, and implements multi-factor authentication wherever possible.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – IC3, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.