Cybersecurity: Cybercriminals Abuse Remote Desktop Protocol In Attacks - Sophos


A recent report by Sophos, a global cybersecurity firm, indicates a rising trend of cybercriminals abusing Remote Desktop Protocol (RDP), commonly used for remote access on Windows systems: RDP was found to have been abused in 90% of the cyber attacks examined.

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft that enables users to remotely connect to and control another computer over a network connection, interacting with it as if physically present at the machine.

Among the 150 incident response cases handled by the Sophos X-Ops IR team in 2023, remote external services were the primary vector for initial network breaches in 65% of reviewed cases.

Since the release of the Active Adversary reports in 2020, remote external services have consistently been the most common source of initial access for cybercriminals, according to the report.


John Shier, director of field technology at Sophos, emphasized the importance of prioritizing the management of these services when assessing enterprise risk, stating, “Remote outsourcing is a necessary but risky requirement for many businesses. Attackers understand the risks these services pose and actively seek to undermine them because of the reward that lies beyond.”

The report illustrated a case where attackers compromised a Sophos X-Ops client four times within six months, each time gaining initial access through exposed RDP ports. Once inside, the attackers continued to move laterally through customer networks, downloading malicious binaries, disabling endpoint protection, and establishing remote access.

Compromised credentials and exploitation of vulnerabilities remain the two most common root causes of attacks, the report highlighted.
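The two patterns the report describes, initial access through exposed RDP ports and compromised credentials, both leave a trail in Windows Security event logs. The following detection script is an added example written for this article; it is not code from Sophos or from the report. It works over a constructed set of event records (EventID 4624 for successful logons, 4625 for failed logons, LogonType 10 for RDP sessions are real Windows values; the usernames, addresses and timestamps are made up) and flags two things a defender would want to see: successful RDP logons from non-private source addresses, and accounts whose RDP success follows a burst of failures from the same source, which is what a password-guessing campaign against an exposed RDP port looks like from the inside.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample records shaped like Windows Security events.
# 4624 = successful logon, 4625 = failed logon, LogonType 10 = RemoteInteractive (RDP).
# Hosts, users, IPs and times are invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:05Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:09Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:13Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:18Z"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:22Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup", "IpAddress": "198.51.100.23", "TimeCreated": "2023-05-02T01:14:30Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe", "IpAddress": "192.168.1.50", "TimeCreated": "2023-05-02T09:02:11Z"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "jdoe", "IpAddress": "-", "TimeCreated": "2023-05-02T09:05:40Z"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "admin", "IpAddress": "203.0.113.7", "TimeCreated": "2023-05-02T22:47:03Z"},
]

# RFC 1918 ranges plus loopback; anything outside these is treated as external.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def is_external(ip: str) -> bool:
    """True if the source address is routable from outside the private ranges.

    Windows writes '-' for console logons and may write '::1' or '127.0.0.1'
    for local sessions; those are never treated as external.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in PRIVATE_NETS) and not addr.is_loopback


def load_events(jsonl_text: str) -> list:
    """Parse one JSON object per line (the shape many log shippers emit)."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]


def analyze_rdp_events(events: list, failure_threshold: int = 5) -> dict:
    """Return RDP logons from external sources and failure-burst-then-success sequences.

    Events are processed in time order. Failed RDP logons are counted per
    (account, source IP); a later successful RDP logon from the same pair with
    at least `failure_threshold` preceding failures is reported as suspicious.
    """
    external_logons = []
    brute_force_success = []
    failures = defaultdict(int)

    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev.get("LogonType") != 10:
            continue  # only RDP sessions are of interest here
        key = (ev["TargetUserName"], ev["IpAddress"])
        if ev["EventID"] == 4625:
            failures[key] += 1
        elif ev["EventID"] == 4624:
            if is_external(ev["IpAddress"]):
                external_logons.append(ev)
            if failures[key] >= failure_threshold:
                brute_force_success.append({
                    "user": key[0],
                    "source": key[1],
                    "failures_before_success": failures[key],
                    "time": ev["TimeCreated"],
                })
            failures[key] = 0  # a success resets the failure run for this pair

    return {
        "external_rdp_logons": external_logons,
        "brute_force_success": brute_force_success,
    }


if __name__ == "__main__":
    findings = analyze_rdp_events(SAMPLE_EVENTS)
    for ev in findings["external_rdp_logons"]:
        print(f"external RDP logon: {ev['TargetUserName']} from {ev['IpAddress']} at {ev['TimeCreated']}")
    for hit in findings["brute_force_success"]:
        print(f"failures then success: {hit['user']} from {hit['source']} "
              f"({hit['failures_before_success']} failures) at {hit['time']}")
```

In the constructed data, `svc_backup` logs in from 198.51.100.23 after five failures and is reported under both findings; `admin` from 203.0.113.7 is reported only as an external RDP logon; `jdoe` logging in from 192.168.1.50 is not flagged. On a real estate the external-logon list alone is the useful signal: if RDP is meant to be reachable only through a VPN or gateway, any entry in it is a policy violation worth investigating regardless of whether credentials were guessed or stolen.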

Shier emphasized the importance of active risk management and the need to address vulnerabilities promptly, particularly regarding open RDP ports, which continue to pose significant risks to organizations.

“Securing the network by reducing exposed and vulnerable services and strengthening authentication will make organizations more secure overall and better able to defeat cyber-attacks,” said Shier.

Punch/Chidimma Gold
