FBI warns companies about hackers increasingly abusing RDP connections

In a public interest message released today by the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), the FBI warns companies about the danger of exposing RDP endpoints online.

RDP, which stands for Remote Desktop Protocol, is a proprietary technology developed by Microsoft in the 1990s that allows users to connect to remote computers and interact with the operating system through a visual interface with mouse and keyboard input.

RDP access is not enabled on most personal computers, but it is enabled on workstations in corporate networks and on computers in remote locations, where system administrators need that access.

In its alert, the FBI said the number of computers with RDP connections has increased since mid-2016.

The FBI's statement correlates with figures and trends reported by cyber-security companies in recent years. For example, just one company, Rapid7, saw the number of devices with port 3389 (RDP) exposed on the Internet increase from 9 million at the beginning of 2016 to over 11 million by the middle of 2017.

Hackers read cyber-security reports, too. The first private-sector alerts about the increasing number of RDP endpoints attracted hackers' attention long before they attracted that of system administrators.

In recent years, researchers have found that hackers gained their initial access to victim networks through computers with RDP connections.

Nowhere has this been more common than in ransomware attacks. Over the past three years, dozens of ransomware families have been designed specifically to be deployed on a network after hackers gain an initial foothold, which is often an RDP server.

Ransomware deployed via RDP includes CryptON, LockCrypt, Scarabey, Horsuke, SynAck, Bit Paymer, RSAUtil, Xpan, Crysis, SamSam, LowLevel, DMA Locker, Apocalypse, Smrss32, Bucbi, Aura/BandarChor, ACCDFISA and Globe.

Here is one user recounting on Reddit an incident in which a hacker broke in via RDP and launched ransomware that encrypted many systems.

