Ransomware is a thorn in the side of any security engineer. These attacks have been increasing lately, and Remote Desktop Protocol (RDP) has been found to be the most popular initial attack vector. RDP stands for Remote Desktop Protocol, but it might as well be called "Ransomware Deployment Protocol."
You likely already know about RDP: Microsoft Windows uses this protocol to let users connect to and control a remote system. The problem with RDP is that it is very easy to expose unintentionally, which leaves a door open for bad actors.
Palo Alto Networks' Unit 42 studied data from over 1,000 incidents and found that in 50% of ransomware deployment cases, RDP was the initial attack vector. The details can be read in the 2020 Unit 42 Incident Response and Data Breach Report.
Attackers are always looking for ways into any machine on the internet. Usually nmap (network mapper) is used to scan for open ports, namely port 3389, the default RDP port, where it has been left open.
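Defenders can read the same scan data to see what an attacker would see. The following added example (not from the original post) parses `nmap -oG` output from a scan of your own address space and lists hosts with RDP open; the sample scan text, the addresses and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in `nmap -oG` (grepable) format; documentation and
# private addresses only, not real hosts.
SAMPLE_SCAN = (
    "# constructed sample scan of your own perimeter\n"
    "Host: 203.0.113.10 (vpn.example.com)\tPorts: 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 203.0.113.25 ()\tPorts: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)\n"
    "Host: 198.51.100.7 (jump.example.com)\tPorts: 33890/open/tcp//ms-wbt-server///\n"
    "Host: 10.20.0.5 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n"
)

RDP_PORT = 3389                 # default RDP port named in the post
RDP_SERVICE = "ms-wbt-server"   # nmap's service name for RDP
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_LINE = re.compile(r"^Host: (\S+) \(.*?\)\s+Ports: ([^\t]*)")


def find_rdp_exposure(scan_text):
    """Return (address, port, internet_facing) for every open RDP listener."""
    findings = []
    for line in scan_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comments, "Status:" lines, anything without ports
        addr, ports = match.groups()
        ip = ipaddress.ip_address(addr)
        internet_facing = not any(ip in net for net in RFC1918)
        for entry in ports.split(","):
            # Field order: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or not fields[0].isdigit():
                continue
            port, state, proto, service = int(fields[0]), fields[1], fields[2], fields[4]
            if state != "open" or proto != "tcp":
                continue  # filtered/closed ports are not reachable RDP
            # Match the default port, or RDP identified on another port
            # (nmap reports that only when run with version detection, -sV).
            if port == RDP_PORT or service == RDP_SERVICE:
                findings.append((addr, port, internet_facing))
    return findings


if __name__ == "__main__":
    for addr, port, exposed in find_rdp_exposure(SAMPLE_SCAN):
        print(f"{addr}:{port} RDP open, {'INTERNET-FACING' if exposed else 'internal'}")
```

Any finding marked internet-facing is a listener that should sit behind a VPN or gateway or be closed; internal findings are still worth reviewing against your remote-access policy.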
According to Cortex Xpanse research, attackers can scan the entire internet in just 45 minutes. So, if RDP is exposed, it will be found—and there are multiple ways an attacker can get in, including:
For more detailed information about how Cortex Xpanse can be used to help with RDP, please be sure to read Diagnosing the Ransomware Deployment Protocol (RDP).
To learn more about risks to your attack surface, download the 2021 Cortex Xpanse Attack Surface Threat Report.
Don't forget to visit the LIVEcommunity Cortex Xpanse page to participate in Xpanse discussions, watch videos, read articles and access resources dedicated to Cortex Xpanse.
Thanks for taking the time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, and don't forget to subscribe to the LIVEcommunity Blog area.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line