The FBI and DHS Issue PSA on Exploitation of Remote Desktop Protocol

Over the last several years, the NJCCIC has received incident reports from New Jersey businesses and organizations that were victims of cyber-attacks perpetrated via network access granted through Remote Desktop Protocol (RDP). The Internet Crime Complaint Center (IC3), in conjunction with the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS), issued a Public Service Announcement (PSA) on Thursday, September 27, detailing threat actors’ increased exploitation of RDP to conduct malicious cyber activities. RDP is a proprietary protocol developed by Microsoft to enable access to a computer or server over a network connection. However, if not properly secured, threat actors can exploit RDP to steal account credentials, compromise identities, and hold sensitive information for ransom. To protect against RDP-based attacks, the FBI and DHS recommend implementing strong passwords and account lockout policies, enabling multi-factor authentication where possible, keeping systems and software updated, and limiting network exposure for all control system devices. For additional information on how to reduce the risks associated with RDP, the NJCCIC recommends reviewing the FBI and DHS Public Service Announcement and the NJCCIC threat analysis Remote Access: Open Ports Create Targets of Opportunity, Undue Risk.