
Criminal exploitation of the RDP protocol is growing

by admin

According to the Sophos Active Adversary Report, in 2023 cybercriminals exploited the Remote Desktop Protocol (RDP) in 90% of attacks, the highest percentage ever recorded. The report, “It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024”, analyzed more than 150 incident response (IR) cases handled by the Sophos X-Ops team in 202.

The criminal exploitation of the RDP protocol

External remote services such as RDP were also the most common vector through which attackers breached networks, serving as the initial access route in 65% of IR cases in 2023. External remote services have been the most frequent initial access method since the first Active Adversary report was published. Defenders should read this as a signal to prioritize the management of these services when assessing corporate risk.

Don’t leave “doors open” to criminals

John Shier, Field CTO at Sophos:
“External remote services are a necessary requirement for many companies, but they are risky. Cybercriminals are well aware of the dangers these services pose and actively try to exploit them to collect the reward they promise. Keeping services exposed without adequate precautions and techniques for mitigating the related risks inevitably leads to IT breaches. It doesn’t take long for an attacker to find and compromise an exposed RDP server, nor, without additional checks, the Active Directory server waiting for them on the other side.”

The RDP protocol

In one case handled by Sophos, once inside the network the attackers continued to move laterally, downloading malicious executables, disabling endpoint protections and establishing their own remote access capabilities.


The main causes of attack

Compromised credentials and the exploitation of vulnerabilities remain the two most common root causes of attacks. However, the 2023 Active Adversary Report for Tech Leaders found that in the first half of 2023 compromised credentials overtook vulnerabilities as the primary root cause for the first time. The trend continued through the rest of the year: compromised credentials were the root cause of over 50% of IR cases for the full year.

The role of multi-factor authentication

Looking at the cumulative data collected in Active Adversary reports from 2020 to 2023, compromised credentials are also the single largest root cause of attacks overall, accounting for almost a third of all IR cases. Yet despite the long-standing prevalence of this technique, multi-factor authentication was still absent in 43% of IR cases in 2023. Exploitation of vulnerabilities was the second most common root cause both in 2023 and over the cumulative 2020–2023 period, responsible for 16% and 30% of IR cases respectively.
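As an added example, not part of the Sophos report or of this article, the following Python script applies the two findings above (RDP reached from outside the network, and credential guessing that missing MFA does nothing to stop) to constructed Windows Security logon records. The record format, the sample entries, the private-address list and the thresholds are all assumptions made for the demonstration.

```python
# Added example: scan logon records for two RDP warning signs. (1) A successful
# RDP logon (event 4624, logon type 10) from outside RFC 1918 space, i.e. RDP is
# reachable from the internet. (2) A burst of failed logons (4625) on one
# account followed by a success, the signature of password guessing.
from collections import defaultdict
from datetime import datetime
import ipaddress
# Constructed records: "timestamp event_id account logon_type source_ip"
SAMPLE_LOG = """\
2023-06-01T02:10:01 4625 svc_backup 10 198.51.100.23
2023-06-01T02:10:03 4625 svc_backup 10 198.51.100.23
2023-06-01T02:10:05 4625 svc_backup 10 198.51.100.23
2023-06-01T02:10:09 4624 svc_backup 10 198.51.100.23
2023-06-01T08:30:00 4624 alice 10 10.0.5.17
2023-06-01T08:31:00 4624 bob 3 10.0.5.18
"""
INTERNAL = [ipaddress.ip_network(n)      # assumed internal address space
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAIL_THRESHOLD = 3      # failed attempts that count as a burst (assumed)
WINDOW_SECONDS = 300    # look-back window for the burst (assumed)

def parse(log_text):
    """Parse the constructed whitespace-separated record format."""
    records = []
    for line in log_text.splitlines():
        ts, event_id, account, logon_type, src = line.split()
        records.append({"ts": datetime.fromisoformat(ts),
                        "event_id": int(event_id), "account": account,
                        "logon_type": int(logon_type),
                        "src": ipaddress.ip_address(src)})
    return records

def rdp_findings(records):
    """Return (kind, account, source_ip) tuples for suspicious RDP logons."""
    findings, failures = [], defaultdict(list)   # failures: account -> times
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["event_id"] == 4625:
            failures[r["account"]].append(r["ts"])
            continue
        if r["event_id"] != 4624 or r["logon_type"] != 10:
            continue   # only RemoteInteractive (RDP) successes matter here
        src = str(r["src"])
        if not any(r["src"] in net for net in INTERNAL):
            findings.append(("external_rdp_logon", r["account"], src))
        recent = [t for t in failures[r["account"]]
                  if (r["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        if len(recent) >= FAIL_THRESHOLD:
            findings.append(("guessing_then_success", r["account"], src))
    return findings
```

On real data the same logic would be fed from event 4624/4625 exports rather than the constructed lines, and the internal ranges would be replaced by the organisation's own.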


John Shier, Field CTO at Sophos:
“Risk management is an active process. When faced with determined cybercriminals and their constant threats, companies that get it right are better off than those that don’t. An important aspect of managing security risks, in addition to identifying and prioritizing them, is the ability to act on the information collected.

Yet certain risks, such as open RDP services, have continued to leave businesses vulnerable for far too long, to the delight of attackers who can walk in through the front door. Protecting the network by reducing exposed and vulnerable services and strengthening authentication increases overall security and also makes it possible to respond better to cyberattacks.”
