Security News > 2021 > January > Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout so far has identified more than 14,000 "Abusable" Windows RDP servers that can be misused by attackers in DDoS attacks-troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic.
What's more, while initially only advanced attackers with access to "Bespoke DDoS attack infrastructure" used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called "Booters," they said.
RDP is a part of the Microsoft Windows OS that provides authenticated remote virtual desktop infrastructure access to Windows-based workstations and servers.
To mitigate the use of RDP to amplify DDoS attacks and their related impact, researchers made a number of suggestions to Windows systems administrators.
First and foremost they should deploy Windows RDP servers behind VPN concentrators to prevent them from being abused to amplify DDoS attacks, they said.
"Network operators should perform reconnaissance to identify abusable Windows RDP servers on their networks and/or the networks of their downstream customers," Dobbins and Bjarnason advised.
News URL
https://threatpost.com/threat-actors-can-exploit-windows-rdp-servers-to-amplify-ddos-attacks/163248/
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Windows Server 2025 released—here are the new features (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- AI-Assisted Attacks Top Cyber Threat For Third Consecutive Quarter, Gartner Finds (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)