Working remotely is a trend here to stay, and many remote workers rely on Remote Desktop Protocol (RDP) to connect to office computers. Attackers have taken note.
The 2020 pandemic changed the way we work by revealing how easily, efficiently, and productively many people can work from home. All signs point to this trend outliving the pandemic. For example, during 2021, LinkedIn reported that job postings offering remote work rose 357%; meanwhile, by April 2020, RDP usage had already increased 62%.
Attackers found opportunity in this sea change. RDP is particularly attractive because of its long history of vulnerabilities, paired with its often-reckless use. For example, Shodan (a device search engine) reported an uptick in devices exposing RDP to the Internet in May 2019 (following a Microsoft bulletin on the BlueKeep vulnerability) and again in early 2020. In 2021, hackers leaked 1.3 million Windows Server RDP logins over the black market.
RDP is a unique attack vector because of the multiple doors it opens once compromised. Once an attacker gains a foothold via RDP, they can deploy attacks such as:
Ransomware is especially prevalent; in fact, the FBI reports that RDP accounts for 70%-80% of the attack vectors leveraged to deliver ransomware.
There are multiple ways to harden your RDP infrastructure. Let’s focus on the three most important defenses.
These steps may require a change in culture. Understandably, many IT teams prefer to delay installing patches to ensure a new patch doesn’t introduce new problems. It is likewise common for IT to rely on “security by obscurity,” such as running RDP on nonstandard ports, to avoid notice. Attackers have caught on to these old ways of thinking, but if you start with these tips to harden RDP infrastructure, your remote staff can continue working safely and securely.