Key Takeaways
- 90% of cyberattacks in 2023 used Remote Desktop Protocol (RDP) for initial access, the highest since 2020.
- RDP was used by attackers to compromise victims multiple times, installing malware and disabling protection tools.
- External remote services are a frequent source of initial access for attackers, posing significant risks for businesses.
- FBI, US CISA, and ACSC advised businesses to strictly limit the use of RDP to minimize the threat posed by ransomware groups.
- BianLian ransomware group typically targets Windows systems through RDP credentials, highlighting the severity of the threat.
News Content
A recent study by Sophos reveals that Remote Desktop Protocol (RDP) is being increasingly exploited in cyberattacks, with nine out of ten incidents in 2023 involving its abuse. The analysis, based on over 150 cyberattack cases, found that RDP was the primary method of initial access in 65% of the cases. This trend has been consistent over the years, indicating the growing threat posed by the exploitation of external remote services. Cybercriminals have been using RDP to compromise victims' networks, installing malware, disabling security tools, and establishing remote access.
Notably, security experts have highlighted the significant risks associated with exposed RDP ports, urging businesses to implement stringent controls to mitigate these risks. The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) have advised organizations to strictly limit the use of RDP and other remote desktop services to counter the threat posed by ransomware groups such as BianLian. These findings underscore the necessity for businesses to enhance the security of their remote access solutions and consider the potential risks posed by RDP.
The study emphasizes the critical need for businesses to prioritize the security of their external remote services, given the growing frequency of RDP-based cyberattacks. As companies continue to rely on remote access for operational needs, it is paramount to heed the warnings issued by cybersecurity authorities and take proactive measures to safeguard against the exploitation of RDP and other remote desktop services.
Analysis
The increasing exploitation of Remote Desktop Protocol (RDP) in cyberattacks can be attributed to the convenience and accessibility it offers to cybercriminals: an exposed RDP service accepts a valid username and password and hands the attacker an interactive session, with no exploit required. Short-term consequences include compromised networks, malware installation and disabled security tools, while long-term effects can include reputational damage and financial losses for affected businesses. The continued abuse of RDP underscores the urgency for companies to implement stringent security controls and heed warnings from cybersecurity authorities to mitigate the risks posed by remote desktop services. Looking ahead, a surge in more sophisticated RDP-based attacks is likely, so businesses should prioritize strengthening their remote access security.
Do You Know?
- Remote Desktop Protocol (RDP): RDP is a proprietary protocol developed by Microsoft that enables users to connect to a computer running Microsoft Windows from a remote location. It is commonly used for remote access and management of computers and is increasingly being exploited by cybercriminals to gain unauthorized access to networks and carry out malicious activities.
- Ransomware groups such as BianLian: BianLian is a ransomware group known to gain access to networks through Remote Desktop Protocol (RDP), typically using valid RDP credentials, and then carry out ransomware attacks. These attacks involve encrypting the victim's data and demanding a ransom for its release, posing significant risks to businesses and organizations.
- Security measures for RDP: In light of the growing threat posed by the exploitation of RDP, security experts and authorities recommend implementing stringent controls and limiting the use of RDP and other remote desktop services. This includes securing RDP ports, installing security tools, and taking proactive measures to mitigate the risks associated with external remote access.
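Beyond limiting exposure, a defender can check exported Windows Security events for the pattern the study describes: RDP sessions (logon type 10) arriving from outside the organisation's internal ranges, and sources that rack up repeated failed RDP logons before one succeeds. The following is an added example, not code from the Sophos study or the article; the event fields mirror the EventID, LogonType, IpAddress and TargetUserName fields of events 4624/4625, and the sample records and internal address ranges are constructed.

```python
"""Flag suspicious RDP logon activity in exported Windows Security events.
Logon type 10 (RemoteInteractive) is an RDP session; 4624 = success, 4625 = failure.
"""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

RDP_LOGON_TYPE = 10
FAIL_THRESHOLD = 5  # failed RDP logons from one source before it is flagged
# Assumed internal ranges (RFC 1918 + loopback); adjust to the organisation's own.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: (EventID, LogonType, IpAddress, TargetUserName)
SAMPLE_EVENTS = [
    (4624, 10, "10.0.0.15", "helpdesk"),        # RDP from an internal address
    (4625, 10, "203.0.113.9", "administrator"),
    (4625, 10, "203.0.113.9", "admin"),
    (4625, 10, "203.0.113.9", "backup"),
    (4625, 10, "203.0.113.9", "sql"),
    (4625, 10, "203.0.113.9", "svc_rdp"),
    (4624, 10, "203.0.113.9", "svc_rdp"),       # success after the failures
    (4624, 2, "-", "alice"),                    # console logon, not RDP
    (4624, 3, "10.0.0.20", "fileserver$"),      # network logon, not RDP
]

def is_external(ip: str) -> bool:
    """True if the address parses and lies outside every internal range."""
    try:
        addr = ip_address(ip)
    except ValueError:          # "-" or malformed field
        return False
    return not any(addr in net for net in INTERNAL_NETS)

def analyse(events):
    """Return (external RDP successes, {source: failed usernames}) for the events."""
    failures, failed_users, external_success = Counter(), defaultdict(set), []
    for event_id, logon_type, ip, user in events:
        if logon_type != RDP_LOGON_TYPE:
            continue
        if event_id == 4625:
            failures[ip] += 1
            failed_users[ip].add(user)
        elif event_id == 4624 and is_external(ip):
            external_success.append((ip, user))
    sprayers = {ip: sorted(failed_users[ip])
                for ip, n in failures.items() if n >= FAIL_THRESHOLD}
    return external_success, sprayers

if __name__ == "__main__":
    successes, sprayers = analyse(SAMPLE_EVENTS)
    for ip, user in successes:
        print(f"RDP logon from external address {ip} as {user}")
    for ip, users in sprayers.items():
        print(f"{ip}: {len(users)} accounts failed over RDP, possible password guessing")
```

Run against a real export, the same two findings are worth alerting on: any successful RDP logon from a non-internal address, and any source exceeding the failure threshold, whether or not it eventually succeeds.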