Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks (Security News, January 2021)
Netscout has so far identified more than 14,000 abusable Windows RDP servers that attackers can misuse in DDoS attacks, troubling news at a time when this type of attack is on the rise because more people are online during the ongoing coronavirus pandemic.
What's more, while initially only advanced attackers with access to bespoke DDoS attack infrastructure used this amplification method, the researchers also observed RDP servers being abused in DDoS-for-hire services run by so-called booters, they said.
RDP is a part of the Microsoft Windows OS that provides authenticated remote virtual desktop infrastructure access to Windows-based workstations and servers.
To mitigate the use of RDP to amplify DDoS attacks and limit the related impact, the researchers made a number of suggestions to Windows systems administrators.
First and foremost, they should deploy Windows RDP servers behind VPN concentrators to prevent them from being abused to amplify DDoS attacks, they said.
"Network operators should perform reconnaissance to identify abusable Windows RDP servers on their networks and/or the networks of their downstream customers," Netscout researchers Dobbins and Bjarnason advised.
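One way for a network operator to act on that advice from their own telemetry, as an added example that is not part of the article or of Netscout's advisory: the script below walks NetFlow-style records and flags internal hosts that exchange RDP traffic directly with external addresses. It assumes the reflected traffic rides RDP's UDP transport on port 3389 (the article does not spell out the port), that the internal ranges are 10.0.0.0/8 and 192.168.0.0/16, and that the `Flow` records and sample data are constructed here for illustration. Any host talking UDP/3389 with the internet is reported as "exposed" (it should be behind the VPN concentrator); a host whose outbound bytes dwarf tiny inbound requests is reported as "reflecting". The average-request-size check is what separates a reflector from a legitimate but unwanted direct RDP session, whose outbound screen updates are also much larger than the inbound input packets.

```python
"""Flag internal hosts acting as RDP reflection/amplification sources.

Added example: NetFlow-like records are constructed inline; thresholds and
internal ranges are assumptions, not values from the article.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RDP_PORT = 3389  # assumption: reflected traffic uses RDP's UDP transport on 3389
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # "udp" or "tcp"
    packets: int
    bytes: int


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def assess_rdp_exposure(flows, min_amplification=10.0, max_request_size=64):
    """Return {internal_host: finding} for hosts exchanging UDP/3389 with the internet.

    status "exposed":    any direct external UDP/3389 exchange (belongs behind the VPN)
    status "reflecting": tiny inbound requests (avg <= max_request_size bytes) answered
                         by >= min_amplification times as many outbound bytes
    """
    stats = defaultdict(lambda: {"req_pkts": 0, "req_bytes": 0,
                                 "resp_bytes": 0, "peers": set()})
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dport == RDP_PORT and is_internal(f.dst) and not is_internal(f.src):
            h = stats[f.dst]                      # external -> internal:3389 (request)
            h["req_pkts"] += f.packets
            h["req_bytes"] += f.bytes
            h["peers"].add(f.src)
        elif f.sport == RDP_PORT and is_internal(f.src) and not is_internal(f.dst):
            h = stats[f.src]                      # internal:3389 -> external (response)
            h["resp_bytes"] += f.bytes
            h["peers"].add(f.dst)

    findings = {}
    for host, h in stats.items():
        avg_req = h["req_bytes"] / h["req_pkts"] if h["req_pkts"] else 0.0
        # With sampled flows the requests may be missing entirely; treat that as
        # maximal amplification rather than dividing by zero.
        ratio = h["resp_bytes"] / max(h["req_bytes"], 1)
        reflecting = (h["resp_bytes"] > 0 and avg_req <= max_request_size
                      and ratio >= min_amplification)
        findings[host] = {
            "status": "reflecting" if reflecting else "exposed",
            "external_peers": sorted(h["peers"]),
            "amplification": round(ratio, 1),
            "avg_request_bytes": round(avg_req, 1),
        }
    return findings


# Constructed sample: one reflector, one directly exposed host, one internal-only
# host and one TCP flow that must be ignored.
SAMPLE_FLOWS = [
    # spoofed "requests" of 20 bytes each arriving at 10.0.0.5, answered by 1260-byte packets
    Flow("198.51.100.7", 40000, "10.0.0.5", 3389, "udp", 1000, 20000),
    Flow("10.0.0.5", 3389, "198.51.100.7", 40000, "udp", 1000, 1260000),
    # a direct RDP-over-UDP session from the internet: asymmetric, but requests are not tiny
    Flow("203.0.113.20", 51000, "10.0.0.9", 3389, "udp", 400, 80000),
    Flow("10.0.0.9", 3389, "203.0.113.20", 51000, "udp", 2000, 2400000),
    # internal-to-internal RDP, out of scope
    Flow("10.0.1.4", 52000, "10.0.0.12", 3389, "udp", 500, 100000),
    Flow("10.0.0.12", 3389, "10.0.1.4", 52000, "udp", 2000, 2000000),
    # TCP RDP from outside: still worth a look, but not the UDP reflection vector
    Flow("198.51.100.7", 45000, "10.0.0.5", 3389, "tcp", 10, 600),
]


def run_sample():
    return assess_rdp_exposure(SAMPLE_FLOWS)


if __name__ == "__main__":
    for host, finding in sorted(run_sample().items()):
        print(host, finding)
```

In production the flow list would come from a collector export; the thresholds are starting points to tune against your own baseline, and an "exposed" host is already a finding worth acting on, since the article's first recommendation is that no RDP server should be reachable except through the VPN concentrator.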
News URL
https://threatpost.com/threat-actors-can-exploit-windows-rdp-servers-to-amplify-ddos-attacks/163248/