RDP Attacks: Top Tips to Secure Your Business
Remote Desktop Protocol (RDP) has become an invaluable tool for workers. It allows someone to remotely access one machine from another in their company, providing an encrypted connection between both endpoints. Often it is how remote workers will access business documents or special applications while working from home. Although it has many benefits for the business world, when not managed correctly it can be an easy route in for cyber criminals to attack your data and networks. 90% of businesses surveyed by Vectra were found to be vulnerable to RDP attacks*. Never fear! This blog will help you explore what RDP attacks are and how you can secure your organisation from this cyber security threat.
How do RDP Attacks Work?
RDP attacks tend to happen when cyber criminals gain access to login credentials for a remote desktop by using social engineering or brute force attacks. An attacker will either abuse the access themselves or will sell your RDP login credentials on the Dark Web.
Here is how an RDP Attack Might Work:
- An attacker will scan the internet to identify the IP addresses and TCP ports that are used by RDP servers
- They will attempt to gain access to a remote machine using brute force tools that automatically attempt a login multiple times using various username and password combinations
- After trial and error the attacker will find the correct login combination, gaining access to your business server
- Obtaining this access will allow them to acquire additional privileges, leave backdoors for future cybercrime activities, gain control of your wider network or deploy Ransomware.
How can you Combat RDP Attacks?
Below are some simple steps recommended by the South West Police Regional Cyber Crime Unit that you can implement to help protect your business from RDP attacks.
Use Strong Passwords
Strong and unique passwords should be used across all accounts by all employees. We would recommend using the NCSC’s ‘ThreeRandomWords’ technique, including numbers, symbols, capital letters and lower-case letters in your password to make it more secure. Using a password manager can help you remember these different passwords for your accounts.
Make sure your RDP connection is not open to the internet and is only accessible through your internal network. Decide which ports are open and what the requirements are for them. Consider reassigning ports to non-default numbers and disabling those that are not required.
Remote Access Restrictions
Consider limiting the number of employees who can log in using RDP. Restricting access can help minimise the risk. If your business does not use RDP, make sure it is disabled.
If your remote access software offers 2FA/MFA then implement it straight away to reduce the chance of a brute force attack succeeding.
Account Lockout Policy
Brute force RDP attacks require many login attempts. You can slow these attacks by setting up policies that lock users out after a certain number of failed login attempts.
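The failed-attempt counting behind a lockout policy, applied as detection over logon events; this is an added example, not part of the original blog. The CSV export format, the sample events and the function name `analyse` are constructed for illustration, and the count is kept per source address rather than per account so that guesses spread over several usernames are still caught.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = "4625", "4624"  # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {"10", "3"}     # RemoteInteractive; Network (RDP with NLA)

# Constructed sample export: time,event_id,logon_type,user,source_ip
SAMPLE = """\
2024-05-01T01:50:00,4625,2,jsmith,-
2024-05-01T01:55:00,4625,10,jsmith,198.51.100.20
2024-05-01T01:55:20,4624,10,jsmith,198.51.100.20
2024-05-01T02:00:00,4625,10,admin,203.0.113.7
2024-05-01T02:00:04,4625,10,administrator,203.0.113.7
2024-05-01T02:00:08,4625,10,backup,203.0.113.7
2024-05-01T02:00:12,4625,10,administrator,203.0.113.7
2024-05-01T02:00:16,4625,10,administrator,203.0.113.7
2024-05-01T02:00:20,4625,10,administrator,203.0.113.7
2024-05-01T02:00:24,4624,10,administrator,203.0.113.7
"""

def analyse(text, threshold=5, window=timedelta(minutes=10)):
    """Flag sources that reach `threshold` failed remote logons inside `window`."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    findings = {}
    for ts, event_id, logon_type, user, src in csv.reader(text.splitlines()):
        if logon_type not in RDP_LOGON_TYPES:
            continue              # e.g. a local console logon (type 2)
        when = datetime.fromisoformat(ts)
        failures = recent[src]
        while failures and when - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if event_id == FAILED:
            failures.append(when)
            if len(failures) >= threshold and src not in findings:
                # The point at which a lockout policy would have stopped the guessing
                findings[src] = {"threshold_hit": when, "logged_in_as": None}
        elif event_id == SUCCESS and src in findings:
            # A success after the threshold was crossed: treat as a likely compromise
            if findings[src]["logged_in_as"] is None:
                findings[src]["logged_in_as"] = user
    return findings

if __name__ == "__main__":
    for src, info in analyse(SAMPLE).items():
        print(src, info["threshold_hit"].isoformat(), info["logged_in_as"])
```

The single mistyped password from 198.51.100.20 stays below the threshold, while 203.0.113.7 crosses it on its fifth failure and then logs in, which is the pattern to alert on.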
Back up your data
A simple tip to help prevent the loss of important company data … make sure you have a backup process in place.
NCI Technologies understands that losing access to your data and networks can be costly and stressful for a business. Of course, there are always cyberthreats circulating, but with proactive, 24/7 monitoring services, access to the best products to eliminate threats and top advice from our technical experts, we will keep you informed and protected.