New cybersecurity threat using Remote Desktop Protocol


We have seen a recent uptick in computer networks being hacked through a common internet protocol called Remote Desktop Protocol, or RDP. This service gives a user a graphical interface for connecting to another computer over a network connection, and it is most commonly used to allow remote access to servers. These hacks have been accomplished through brute force, a hacking method in which the attacker tries common dictionary words, or simple variations of dictionary words, as passwords to break into systems.

Once hackers have gained access to the computer network via RDP, they have been installing ransomware, which is a form of malware that digitally encrypts and locks all the information contained on the network, making the information unusable. Victims of ransomware attacks are required to pay money – usually with untraceable cryptocurrencies, such as Bitcoin – to the attackers to have their files unlocked.

This activity follows a warning from the United States Computer Emergency Readiness Team back in March that identified such attacks as on the rise. You can read more about that at the US-CERT website.

What you should do

Block RDP access on your firewall, or disable RDP if it is running on your computers or servers. Also follow good password creation practices. Never, ever use a dictionary word or a simple variation of a dictionary word as a password for any account on your network.
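For the person in charge of IT, here is one way to check a Windows computer or server for RDP exposure and turn it off. This is an added example, not part of the original article; the function name Get-RdpExposure and the -Disable switch are names made up for this example, and it covers only the Windows host's own firewall, not the firewall at your network edge.

```powershell
#Requires -RunAsAdministrator
# Added example: audit RDP exposure on this Windows host and optionally disable it.
param([switch]$Disable)   # hypothetical switch name chosen for this example

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # RDP may have been moved off the default port, so read the configured one.
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound allow rules in the built-in rule group.
    # 'Remote Desktop' is the English display name of that group.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # Is anything actually listening on the RDP port right now?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpEnabled         = ($deny -eq 0)
        NlaRequired        = ($nla -eq 1)
        Port               = $port
        Listening          = $listening
        FirewallAllowRules = $rules.Count
    }
}

$before = Get-RdpExposure
$before | Format-List

if ($Disable -and ($before.RdpEnabled -or $before.FirewallAllowRules -gt 0)) {
    # Refuse new Remote Desktop connections on this host.
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    # Close the Windows Firewall rules that let RDP traffic in.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    # Show the state after the change.
    Get-RdpExposure | Format-List
}
```

Run it without -Disable first to see the current state; a host that reports RdpEnabled as True with firewall allow rules still needs RDP blocked at the network firewall as well.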

Our free eBook, Everything You Need to Know About Cybersecurity, has a section dealing with how to create a secure, memorable password.

If you are not in charge of IT, be sure to bring this information to the person who is. If you need help in configuring your firewall or any other IT configurations, please contact us and we will get you in touch with someone who can help.