

The MS-ISAC observes specific malware variants consistently reaching The Top 10 Malware list. These specific malware variants have traits allowing them to be highly effective against State, Local, Tribal, and Territorial (SLTT) government networks, consistently infecting more systems than other types of malware. An examination of the characteristics of these malware variants revealed that they often abuse legitimate tools or parts of applications on a system or network. One such legitimate tool is Remote Desktop Protocol (RDP). RDP is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389.

It provides network access for a remote user over an encrypted channel. Network administrators use RDP to diagnose issues, log in to servers, and perform other remote actions. Remote employees use RDP to log into the organization's network to access email and files. Cyber threat actors (CTAs) use misconfigured RDP ports that are open to the Internet to gain network access. They are then in a position to potentially move laterally throughout a network, escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware.
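The primer's point is that the risk comes from RDP (TCP 3389) reachable from the Internet. A defender's first check is whether perimeter logs show allowed RDP sessions from addresses outside the organization. The script below is an added example, not part of the MS-ISAC primer and not a tool it describes. It parses a hypothetical firewall log format (constructed sample lines, using TEST-NET addresses as the "external" sources) and assumes the organization's internal space is the RFC 1918 ranges; it reports which hosts accepted RDP from external addresses and which external addresses had RDP attempts blocked.

```python
import ipaddress
import re
from collections import Counter

RDP_PORT = 3389

# Assumption: the organization's internal address space is RFC 1918.
# Adjust to the real internal ranges before using this against production logs.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log lines in a hypothetical format:
#   <timestamp> <ALLOW|DENY> TCP <src> -> <dst>:<dport>
# External sources use RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ALLOW TCP 10.0.0.15 -> 10.0.0.20:3389
2024-05-01T10:00:05Z ALLOW TCP 203.0.113.45 -> 10.0.0.20:3389
2024-05-01T10:00:07Z ALLOW TCP 198.51.100.7 -> 10.0.0.20:443
2024-05-01T10:00:09Z ALLOW TCP 203.0.113.45 -> 10.0.0.20:3389
2024-05-01T10:00:12Z DENY TCP 198.51.100.99 -> 10.0.0.20:3389
2024-05-01T10:00:15Z ALLOW TCP 198.51.100.7 -> 10.0.0.21:3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def is_internal(ip_str):
    """True if the address falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def summarize_external_rdp(log_text):
    """Split external RDP traffic into accepted sessions (exposure) and blocked attempts.

    Returns {"exposed": {dst_host: [external sources]}, "blocked_attempts": {src: count}}.
    A non-empty "exposed" map means RDP is reachable from outside the internal ranges.
    """
    exposed = {}
    blocked = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip unparseable lines, non-RDP ports, and traffic from internal sources.
        if rec is None or rec["dport"] != RDP_PORT or is_internal(rec["src"]):
            continue
        if rec["action"] == "ALLOW":
            exposed.setdefault(rec["dst"], set()).add(rec["src"])
        else:
            blocked[rec["src"]] += 1
    return {
        "exposed": {host: sorted(srcs) for host, srcs in exposed.items()},
        "blocked_attempts": dict(blocked),
    }


if __name__ == "__main__":
    report = summarize_external_rdp(SAMPLE_LOG)
    for host, sources in report["exposed"].items():
        print(f"RDP on {host} accepted connections from external sources: {sources}")
    for src, n in report["blocked_attempts"].items():
        print(f"{src}: {n} external RDP attempt(s) blocked")
```

Any host listed under `exposed` is the misconfiguration the primer describes and should be moved behind a VPN or gateway and have 3389 closed at the perimeter; the `blocked_attempts` list is a useful secondary signal that external parties are probing for the service.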
