Security News

Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. RDP needs to be well protected, and direct access should never be provided to an RDP server.

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. Due to its prevalent use in corporate networks, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.

VanDyke Software announced the official releases of SecureCRT 9.0 and SecureFX 9.0. Built-in RDP support in secureCRT 9.0 for Windows.

February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-daysAdobe has fixed a Reader flaw used in limited attacks, as well as delivered security updates for a variety of products, including Acrobat and Reader, Dreamweaver, and Magento. In the wake of the COVID-19 pandemic, security has become a top priority for nearly all organizations.

The COVID-19 pandemic continued to influence the cybercrime landscape in 2020, ESET reveals. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol attacks, albeit at a slower rate compared to previous quarters.

Netscout so far has identified more than 14,000 "Abusable" Windows RDP servers that can be misused by attackers in DDoS attacks-troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic. What's more, while initially only advanced attackers with access to "Bespoke DDoS attack infrastructure" used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called "Booters," they said.

Windows admins can configure RDP to run on TCP port 3389 or UDP port 3389, and if the latter is enabled, the system can be abused to launch DDoS attacks that have an amplification ratio of 85.9:1. The company has reported seeing roughly 14,000 unprotected RDP servers that can be abused for such attacks.

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.

Guidewire Software announced a new Remote Desktop Protocol, Exposure Signal, for its Guidewire Cyence for Cyber product. Cyberattacks against Internet-exposed RDP servers are surging, and Exposure Signal is designed to detect on-demand whether a company's RDP has been exposed to the internet and a potential cyberattack.

The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol, Kaspersky reported on Thursday. Kaspersky's report on the industrial threat landscape for the first half of 2020 reveals that the number of attacks aimed at RDP on industrial computers increased steadily between February and May. The cybersecurity firm has seen brute-force attacks against RDP passwords on 0.16% of the industrial control systems it protected in February and 0.33% in May. The percentage dropped slightly in June, but still remained at an above average level.