Dubai: Vectra, the leader in network threat detection and response (NDR), has disclosed that the Remote Desktop Protocol (RDP) is a widely exposed and vulnerable attack surface and will likely continue in the near future due to the protocol’s prevalent use.
Cyberattackers characteristically follow the path of least resistance to achieve their objectives. They will attempt to use existing administrative tools before they introduce new malicious software to perform internal reconnaissance, move laterally and exfiltrate data from a network.
One of the most popular administrative tools is RDP, which is used by IT system administrators to centrally control their remote systems with the same functionality as if they were local. RDP is an even more vital tool for managed service providers (MSPs) in their management of hundreds of client networks and systems.
According to the Vectra 2019 Spotlight Report on RDP, from January-June 2019, the company’s Cognito platform detected 26,800 suspicious RDP behaviors in more than 350 deployments. Data from Vectra confirms that RDP remains a very popular technique for cyberattackers, with 90% of these deployments exhibiting RDP attacker behavior detections.
Manufacturing and finance organizations have the highest rate of RDP detections at 10 and eight detections per 10,000 workloads and devices, respectively. The top five at-risk industries are manufacturing, finance and insurance, retail, government, and healthcare. The top three industries – manufacturing, finance and insurance, and retail – together account for almost half (49.8 percent) of all RDP detections.
Within the manufacturing industry, mid-sized organizations had the highest rate of RDP detections at a rate of 20 per 10,000 workloads or devices, which is 82% higher than medium-sized retail, which is the next highest industry subsegment, and 100% higher than small finance and insurance organizations.
Although the manufacturing industry has the highest rate of RDP detections, IT managers in manufacturing organizations are likely to prefer the massive cost and time savings of centralized management enabled by RDP over the increased potential abstract risk of a cyberattacker exploiting it. The use of RDP provides significant business value because it enables centralized management of geographically distributed business systems.
“Cybercriminals know that RDP is an easy-to-access administrative tool that allows them to stay hidden while carrying out an attack,” said Chris Morales, head of security analytics at Vectra. “It’s essential for security teams to understand how RDP is used by attackers because it will continue to be a threat in the near future.”
As they make their way through the attack lifecycle, cybercriminals perform internal reconnaissance and move laterally in an attempt to identify and access systems that contain valuable data. The ubiquity of RDP on Windows systems and its frequent use by system administrators make RDP the ideal tool for attackers to avoid detection while performing these functions.
The 2019 Spotlight Report on RDP is based on the analysis of data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of more than 350 opt-in Vectra deployments from January-June 2019. The Attacker Behavior Industry Report provides statistical data about behaviors that attackers exhibit while trying to blend in with existing network traffic and mask their malicious actions.
The Cognito platform accelerates network detection and response using sophisticated AI to collect, enrich and store network metadata with the right context to detect, hunt and investigate hidden threats in real time. The Cognito platform scales efficiently to the largest organizations’ networks with a distributed architecture using a mix of cloud, virtual and physical sensors that provide 360-degree visibility across cloud, data center, and user and IoT networks, leaving attackers with nowhere to hide.
- ENDS -
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed. For more information, visit vectra.ai.
Procre8 (on behalf of Vectra)
+971 52 288 0850
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.