by Kapua Iao
Article filed in

What is a remote desktop protocol attack?

by Kapua Iao

Two laptops being used at a coffee shop.

A Remote Desktop Protocol Attack is a type of data breach which occurs via a user’s remote desktop protocol (or RDP). An RDP allows one computer to connect to another or a network without direct contact.

This has become something of a necessity over the past year as more employees, including within the healthcare industry, work from home.

No doubt because of this, researchers have noticed a jump in cyberattacks that use RDP as an entry point. But how exactly do these attacks occur? And how can organizations protect their employees and their networks from such breaches?

RDP use cases

A remote desktop connection relies on various protocols including RDP, used to log into Windows from afar by connecting to remote desktop services. It was first invented by Citrix in 1995 and added to Microsoft products in 1998.

Other protocols do exist; for example, Apple has its own version. RDP normally comes preinstalled as part of a Windows operating system.

Remote desktops can be essential for day-to-day operations. Many organizations utilize this technology to give:

  • Admin and/or IT workers access to troubleshoot
  • Employees access to organization-related data
  • Employees the ability to work from home

The COVID-19 pandemic didn’t introduce the concept of remote working, but it brought a shift in how many employees work from home.  Currently, there are almost five million RDP servers exposed to the Internet, an increase of two million from before the pandemic.

RELATED: Coronavirus Cyberattacks: How to Protect Yourself

Many of these users (employees and organizations) are new to remote working. Most do not understand the need to follow safety procedures to ensure cybersecurity. All it takes is one vulnerable RDP for a cybercriminal to gain entrance into any organization.

Remote desktop protocol attacks

RDPs have a history of cyber-insecurity. The Federal Bureau of Investigation even released a warning in 2018 addressing dark markets selling RDP access.

Cybercriminals see RDP as an easy entry point. Weak password policies and misconfigured endpoint security play a big role in this.

RELATED: Increase Online Security With a Robust Password Policy

Analysts report that RDP attacks as occur through brute force, credential stuffing, and/or malware.

And the most often overlooked vulnerability, human error. As we all know, tired or stressed employees are easily exploited employees, particularly through email phishing and social engineering.

RELATED: Recognizing and Blocking a Malicious Email

A cybercriminal can do much damage once inside a system, from inserting malware to exfiltrating data, and/or installing mining programs or ransomware.

Hackers can disable, erase, or overwrite backups, remove security software, or download unwanted software. And even cause bodily harm, as threat actors tried to do with the recent Florida water treatment facility hack.

As we know, protected health information (PHI) is valuable to cybercriminals who are looking for a payday by holding data for ransom, selling it to the highest bidder, or just trying to cause chaos.

RELATED: SamSam Ransomware Continues to Wreak Havoc on Healthcare, Report Finds

According to the ESET Threat Report Q4 2020, RDP attacks last year increased by 768% between Q1 and Q4.

Protect and mitigate your RDP risks

For all organizations that need to connect remotely, knowing how to protect a single computer and/or a network from cyberattacks is essential. Especially during the current health crisis.

RELATED: Cybersecurity Risk Management: How Companies Are Responding to COVID-19 and Remote Work

First and foremost, if an organization does not use RDP, the connection should be disabled. Moreover, an organization should only provide remote access to employees that need it.

Second, organizations must look into endpoint security—never leave an RDP connection open to the Internet.

Third, policies and procedures must be up to date. They should include rules on only using organization-provided devices, multi-factor authentication, and complex passwords. Organizations must always audit these policies along with any connectivity logs.

And finally, implement physical and technological safeguards such as:

  • A firewall and/or VPN
  • Backups kept on a separate, unconnected server
  • Remote desktop gateways
  • Patches and updates as needed.

If someone detects a breach, disable RDP access right away. Cut off the infected computer from the rest of the network and figure out how the intrusion was able to occur.

Don’t forget solid email security

And to protect against human error, implement strong email security. For healthcare organizations that must be HIPAA compliant, this means combining strong employee awareness training with HIPAA compliant email.

RELATED: HIPAA Stands For . . .

Our HIPAA compliant email solution, Paubox Email Suite, requires no change in user behavior. No extra logins, passwords, or portals to wade through. Just protected email communication.

With our HITRUST CSF certified solution, all outbound emails are encrypted and sent directly from an existing email platform (such as Microsoft 365 and Google Workspace). Furthermore, malicious inbound emails are blocked even before reaching an employee’s inbox.

RDP attacks and their consequences are detrimental to any organization. Keep cybercriminals from gaining access through this entry point. And keep your employees safe when they need to work at home by utilizing reliable cybersecurity measures today.

Try Paubox Email Suite for FREE today.