Threat actors use RDP exploits for ransomware and data theft

Sep 28, 2018 14:05 GMT

The Internet Crime Complaint Center (IC3), in collaboration with the FBI and DHS, has published an alert in response to an increasing number of ransomware and data theft incidents in which Remote Desktop Protocol (RDP) exploits were the attack vector.

The IC3 is a US agency designed to allow citizens to report Internet-related criminal activity to the Federal Bureau of Investigation (FBI) and to help law enforcement agencies use the submitted information more effectively.

Remote Desktop Protocol (RDP) is a network protocol used by applications known as remote administration tools (RATs) to let users control computers over the Internet.

Threat actors can turn legitimate RATs into an attack vector by finding and exploiting vulnerabilities in the applications' code, or simply by taking advantage of weak passwords.

As detailed in IC3's report, applications using RDP can be vulnerable to man-in-the-middle (MITM) attacks because of flawed CredSSP encryption, and are further exposed when they allow an unlimited number of login attempts and unrestricted access to RDP's TCP port 3389.

Computers vulnerable to RDP attacks are an easy target for ransomware

Besides brute-forcing their way in with password stuffing attacks, bad actors can also inject malware into a vulnerable system using MITM techniques and, because RDP does not require actual user input, attackers can remain undetected for long periods of time.

Systems vulnerable to RDP-based attacks can be targeted by malicious parties with CrySiS, CryptON, or SamSam ransomware, allowing the crooks to demand payment to decrypt the data and restore the compromised systems to their initial state.

Stolen RDP credentials are also a valuable commodity that is often auctioned on the Dark Web, together with extensive information on the location and configuration of the compromised machines.

The IC3 also suggests measures that can be taken to protect against RDP attacks, the most important being the regulation, control, and close monitoring of the RDP applications used to remotely control computers.
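The "unlimited login attempts" exposure described in the report and the "close monitoring" advice above both come down to watching RDP logon events. The following is an added example (not code from the article or from IC3) of that monitoring: it scans Windows Security log events for RDP logons (logon type 10, RemoteInteractive), raises an alert when one source address accumulates a threshold of failed logons (event 4625) inside a sliding time window, and raises a second, higher-priority alert if a successful logon (event 4624) from the same source follows. The event records, the field names (`time`, `event_id`, `logon_type`, `source_ip`, `user`), the threshold and the window are all constructed assumptions; a real deployment would feed it events exported from the Security log or a SIEM.

```python
"""Flag RDP password guessing from Windows Security log events.

Assumed input (constructed for this example, not a real capture): one dict
per event with the fields a Security-log export typically carries. Logon
type 10 is RemoteInteractive, i.e. an RDP/Terminal Services logon.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10     # RemoteInteractive (RDP) logons
FAILED_LOGON = 4625     # "An account failed to log on"
SUCCESS_LOGON = 4624    # "An account was successfully logged on"

# Constructed sample: one address guessing several accounts over RDP and then
# succeeding, one address with a couple of normal typos, a burst of console
# (logon type 2) failures that must be ignored, and two RDP failures from one
# address spaced hours apart that must not add up to an alert.
SAMPLE_EVENTS = [
    {"time": "2018-09-28T13:00:00", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.10", "user": "administrator"},
    {"time": "2018-09-28T13:00:20", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.10", "user": "admin"},
    {"time": "2018-09-28T13:00:45", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.10", "user": "administrator"},
    {"time": "2018-09-28T13:01:10", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.10", "user": "backup"},
    {"time": "2018-09-28T13:01:30", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.10", "user": "administrator"},
    {"time": "2018-09-28T13:02:00", "event_id": 4624, "logon_type": 10, "source_ip": "203.0.113.10", "user": "backup"},
    {"time": "2018-09-28T13:03:00", "event_id": 4625, "logon_type": 10, "source_ip": "198.51.100.4", "user": "jsmith"},
    {"time": "2018-09-28T13:03:30", "event_id": 4625, "logon_type": 10, "source_ip": "198.51.100.4", "user": "jsmith"},
    {"time": "2018-09-28T13:04:00", "event_id": 4624, "logon_type": 10, "source_ip": "198.51.100.4", "user": "jsmith"},
] + [
    {"time": f"2018-09-28T13:05:{s:02d}", "event_id": 4625, "logon_type": 2, "source_ip": "127.0.0.1", "user": "kiosk"}
    for s in range(0, 60, 10)
] + [
    {"time": "2018-09-28T08:00:00", "event_id": 4625, "logon_type": 10, "source_ip": "192.0.2.77", "user": "svc"},
    {"time": "2018-09-28T12:00:00", "event_id": 4625, "logon_type": 10, "source_ip": "192.0.2.77", "user": "svc"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alert dicts, in chronological order.

    An "rdp_bruteforce" alert fires once per source address when that address
    reaches `threshold` failed RDP logons within `window`; an
    "rdp_success_after_bruteforce" alert fires for every later successful RDP
    logon from an address that has already been flagged.
    """
    failures = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = set()                 # addresses already reported for guessing
    alerts = []

    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("logon_type") != RDP_LOGON_TYPE:
            continue                # console, service and network logons are out of scope
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["source_ip"]

        if ev["event_id"] == FAILED_LOGON:
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "type": "rdp_bruteforce",
                    "source_ip": ip,
                    "failures": len(recent),
                    "first": recent[0].isoformat(),
                    "last": ts.isoformat(),
                })
        elif ev["event_id"] == SUCCESS_LOGON and ip in flagged:
            alerts.append({
                "type": "rdp_success_after_bruteforce",
                "source_ip": ip,
                "user": ev["user"],
                "time": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The success-after-failures alert is the one worth paging on: a burst of 4625 events says someone is guessing, but a 4624 from the same address says a guess landed, which is the point at which the article's ransomware and credential-resale scenarios begin. Restricting the check to logon type 10 keeps console and service-account noise out of the count, and the sliding window is what makes the two widely spaced failures from 192.0.2.77 stay below threshold.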