According to the Sophos Active Adversary Report for 1H 2024, obtained on Friday, cybercriminals abused Remote Desktop Protocol (RDP) in 90 per cent of the attacks Sophos investigated.
RDP, which is commonly used for remote access to Windows systems, was the most frequently abused tool in those cases.
RDP is a Microsoft-developed protocol that enables users to remotely connect to and control another computer over a network connection.
Of the 150 incident response cases handled by the Sophos X-Ops IR team in 2023, external remote services were the initial access vector in 65 per cent of the cases analysed.
The report states that external remote services have consistently been the most frequent source of initial access for cybercriminals since the launch of the Active Adversary reports in 2020.
It recommends that defenders prioritize the management of these services when assessing the risk to the enterprise.
John Shier, the field Chief Technology Officer at Sophos, said, “External remote services are necessary, but risky, for many businesses. Attackers understand the risks and actively seek to subvert them because of the potential rewards.
“Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. Attackers can easily find and breach an exposed RDP server, and without additional controls, finding the Active Directory server is no challenge either.”
The report revealed that in one case involving a Sophos X-Ops customer, attackers successfully compromised the victim four times within six months, each time gaining initial access through the customer’s exposed RDP ports.
Once inside, the attackers continued to move laterally throughout the customer’s networks, downloading malicious binaries, disabling endpoint protection, and establishing remote access.
Compromised credentials and exploited vulnerabilities remain the two most common root causes of attacks, according to the report.
“Managing risk is an active process. Organizations that do this well experience better security situations than those that don’t while facing continuous threats from determined attackers.
“An important aspect of managing security risks, beyond identifying and prioritizing them, is acting on the information. Yet, for far too long, certain risks, such as open RDP, continue to pose problems for organizations, to the delight of attackers who can easily gain access.
“Securing the network by reducing exposed and vulnerable services, as well as strengthening authentication, will enhance overall security and improve the ability to fend off cyberattacks,” Shier explained.