RDP Attack Methodologies
Malicious actors can gain higher permission levels and greater access to network systems by attacking an employee who is connected to an infected computer inside the corporate network. The computer may have become infected with malware after the user interacted with a phishing email (or an alternative social engineering method) and opened a malicious payload attachment.
Weak passwords, old versions with inadequate encryption mechanisms, security flaws and misconfigurations can leave RDP vulnerable to attacks such as man-in-the-middle attacks, encryption attacks, attacks on Transport Layer Security authentication, and denial-of-service (DoS).
An open RDP gateway can be located either actively, by an attacker using a port scanner such as Nmap, or through open source intelligence platforms that collect and share such data, such as Shodan or Censys. Looking at Shodan, we can see how many open RDP services are running on port 3389 and the approximate operating system each is running.
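The same exposure can be audited from the defender's side on your own address ranges. The following is an added example, not code from the original page: it parses constructed Nmap grepable (`-oG`) output and lists hosts with RDP open that are not approved gateways. The sample hosts, the `approved` set and the function name are assumptions.

```python
# Constructed sample of Nmap grepable (-oG) output from a scan of your own
# perimeter. 203.0.113.0/24 is a documentation range, not real hosts.
SAMPLE_OG = """\
# Nmap scan of own perimeter (constructed sample)
Host: 203.0.113.10 (vpn.example.test)\tStatus: Up
Host: 203.0.113.10 (vpn.example.test)\tPorts: 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 203.0.113.21 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 445/closed/tcp//microsoft-ds///
Host: 203.0.113.37 ()\tPorts: 22/open/tcp//ssh///, 33890/open/tcp//ms-wbt-server///
Host: 203.0.113.50 (rdgw.example.test)\tPorts: 3389/open/tcp//ms-wbt-server///
# Nmap done
"""

RDP_PORT = 3389                 # default RDP port named in the text
RDP_SERVICE = "ms-wbt-server"   # Nmap's service name for RDP


def exposed_rdp(og_text, approved=frozenset()):
    """Return (host, port) pairs with RDP open, excluding approved hosts.

    `approved` is a hypothetical allowlist of sanctioned RDP gateways.
    RDP moved to a non-standard port is still caught via the service name.
    """
    findings = []
    for line in og_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next((f[len("Ports: "):] for f in fields
                      if f.startswith("Ports: ")), "")
        for entry in (e.strip() for e in ports.split(",")):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            if state != "open" or proto != "tcp":
                continue  # filtered or closed ports are not reachable RDP
            if (port == RDP_PORT or service == RDP_SERVICE) and host not in approved:
                findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_rdp(SAMPLE_OG, approved={"203.0.113.50"}):
        print(f"unapproved RDP exposure: {host}:{port}")
```

Any host this reports is one that a port scan or an internet-wide index would also find, so it should be closed off or placed behind an approved gateway.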