{"id":1800,"date":"2023-10-03T13:59:36","date_gmt":"2023-10-03T02:59:36","guid":{"rendered":"https:\/\/gabey.com.au\/gabeyinfo\/?post_type=glossary&#038;p=1800"},"modified":"2023-10-04T08:03:40","modified_gmt":"2023-10-03T21:03:40","slug":"remote-desktop-protocol-rdp","status":"publish","type":"glossary","link":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/glossary\/remote-desktop-protocol-rdp\/","title":{"rendered":"Remote Desktop Protocol (RDP)"},"content":{"rendered":"\n<p>Microsoft's Remote Desktop Protocol (RDP) is a protocol that enables remote system communication. System administrators frequently use it to oversee Windows systems and assist users in troubleshooting problems. Cybercriminals can, however, also use RDP to enter networks without authorisation.<\/p>\n\n\n\n<p>Cybercriminals use the Remote Desktop Protocol (RDP) lateral movement technique to migrate laterally within a network by taking advantage of flaws or vulnerabilities in RDP settings. Users can access remote desktops and systems through a network connection using the reliable and popular RDP protocol. When misconfigured or abused, however, it has the potential to pose a severe security threat.<\/p>\n\n\n\n<p>RDP ports are frequently open to the Internet, which makes them a popular target for hackers. An attacker might utilise an RDP box to access the entire network, which could be the starting point for spreading malware or carrying out other nefarious operations. Attackers can access a network in several ways, including by deploying malware or logging in over RDP with credentials that have been stolen or guessed, moving laterally across the network, or escalating privileges. Another technique is \"resuming\" an RDP session previously terminated by the attacker to get access to a privileged system without requiring the user's credentials. Purchasing RDP credentials on the dark web is a popular and reasonably priced practice. 
RDP ports that are incorrectly configured might also give attackers even more network access.<\/p>\n\n\n\n<p>To summarise, attackers may carry out the following steps:<br>The attacker first gains access to a single system within the target network, often through phishing, exploiting vulnerabilities, or credential theft. Once inside the network, the attacker performs reconnaissance to identify other systems, services, and potential targets. They may use tools and techniques to discover vulnerable systems or weak security configurations. The attacker scans the network for systems with open RDP ports (usually TCP port 3389). They may use port scanning tools like Nmap to identify potential RDP targets.<\/p>\n\n\n\n<p>Attackers may try to brute-force their way into RDP-protected systems if the credentials (such as username\/password combinations) are weak or easy to guess. They can obtain access using previously stolen credentials or automated programs that guess passwords.<br>Attackers may take advantage of well-known flaws in the RDP protocol or the target system's RDP service. In the past, vulnerabilities such as BlueKeep (CVE-2019-0708) have been targeted.<\/p>\n\n\n\n<p>An attacker may take RDP credentials from a compromised system and use them to log into other systems if they have already gained access to a system with high-level privileges.<br>An attacker can utilise a machine they have access to through Remote Desktop Protocol (RDP) as a springboard to further compromise systems on the network. They can try to elevate privileges on the recently accessed machine to obtain even more power.<br>Depending on their objectives, attackers with access to many systems can launch more attacks, exfiltrate data, install malware, or carry out other nefarious tasks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft&#8217;s Remote Desktop Protocol (RDP) is a protocol that enables remote system communication. 
System administrators frequently use it to oversee Windows systems and assist users in troubleshooting problems. Cybercriminals can, however, also use RDP to enter networks without authorisation. Cybercriminals use the Remote Desktop Protocol (RDP) lateral movement technique to migrate laterally within a network &hellip; <a href=\"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/glossary\/remote-desktop-protocol-rdp\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Remote Desktop Protocol (RDP)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","meta":{"footnotes":""},"class_list":["post-1800","glossary","type-glossary","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/glossary\/1800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/users\/1"}],"version-history":[{"count":0,"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/glossary\/1800\/revisions"}],"wp:attachment":[{"href":"https:\/\/gabey.com.au\/gabeyinfo\/index.php\/wp-json\/wp\/v2\/media?parent=1800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}