In 2020, there were 3.3 billion RDP cyberattacks, a 242% surge compared to 2019. Among the most common attack methods, RDP attacks exploit the need to remotely connect to other computers in the network. Zero trust can prevent these types of attacks by authorizing client software before opening the RDP protocol. Here’s how it works:
RDP (Remote Desktop Protocol) is a Microsoft-developed protocol for remote management and access to applications and virtual desktops. Through RDP, users mirror the interface of the computer they are accessing in order to easily manage and work on it. Often they can access all files and applications on the device.
RDP is frequently used by engineers, IT, DevOps and additional roles who need to connect to remote servers and computers for troubleshooting, support and maintenance. Since the onset of Covid-19 and the resultant growth of remote work, the use of RDP has surged. According to some reports, the increase was as high as 40%!
RDP sessions can be compromised by unauthorized users who exploit vulnerabilities on the RDP server, which is the computer or server being accessed remotely. An attacker can pose as the RDP client and transmit malware that exploits RDP server vulnerabilities. In many cases an outdated RDP server can lead to a complete takeover of the server, ultimately enabling reconnaissance and/or lateral movement in the network.
These attacks exploit open RDP protocols that are listening for RDP connections. Attackers who can find them and maliciously identify themselves as the user can gain access to the network and all its data.
Zero trust operates on the premise that no user is inherently trusted to access any application until their identity is authenticated. When it comes to RDP connections, zero trust functions as a broker between the client and the server. Instead of the RDP protocol being continuously open, every client attempting to connect has to be identified and authorized through the zero trust framework. Only then will the user get access to the RDP server, while the ZT provider verifies policy enforcement and monitors the entire session.
Here at Cyolo, we're working hard to ensure companies like yours can empower remote users to securely access all the systems and applications they need. Instead of relying solely on the manual enforcement of difficult-to-implement company policies, like closing RDP protocols and changing the RDP port number, Cyolo’s zero trust solution ensures RDP servers cannot be exploited and that all RDP users are legitimate ones.
Schedule a demo to see the Cyolo solution in access.
Author
Eran Shmuely is the Chief Architect and Co-Founder of Cyolo. Prior to Cyolo, Eran was the Senior Security Engineer at Salesforce and the Open-Source Security Research Leader at GE Digital.