The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) yesterday issued a warning that cyber actors are increasingly exploiting the Remote Desktop Protocol (RDP) to conduct malicious activity. The warning explains RDP as a “proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet.” It also explains that malicious actors have developed ways to identify and exploit vulnerable RDP sessions over the internet to “compromise identities, steal login credentials, and ransom other sensitive information.” The warning also identified weak passwords, using outdated versions of RDP, allowing unrestricted access to the default RDP port, and allowing unlimited login attempts to a user account as RDP vulnerabilities. DHS and the FBI suggested that business, as well as private citizens, “review and understand what remote accesses their networks allow and take steps to reduce the likelihood of compromise, which may include disabling RDP if it is not needed.”
