The Covid-19 pandemic has led to more employees working from home than ever before. But it has also increased the number of incidents stemming from this phenomenon. In this publication, we explore how you can ensure that remote working happens effectively using Microsoft’s Remote Desktop Protocol.
The Covid-19 pandemic has led to more employees working from home than ever before. Organisations needed to quickly pivot to accommodate remote employees connecting to company networks as the situation played out in early 2020.
One method of allowing remote connection is to use Microsoft’s inbuilt Remote Desktop Protocol (RDP). This allows a user to login to a remote server using their normal network credentials to an interface similar to a normal Windows desktop.
For smaller organisations who outsource their IT, it also allows them to access the organisation’s network to perform upgrades, maintenance, backups. RDP comes standard with Windows and requires very minimal set up for the user to create a client/server connection.
IT teams were not prepared for the race to keep organisation’s employees online; and misconfiguration of RDP has raised some security concerns.
Gridware has recently observed an increase in company breaches via the RDP protocol that can lead to data exfiltration, ransomware, spam bots or crypto mining. Security firm ESET estimates the number of brute-force attacks targeting RDP connections has steadily increased, spiking to:
There are several commonly used techniques used by threat actors to access an organisation’s network via RDP.
Recommendations to secure your RDP network
Gridware can assist your organisation and IT services with forensic and cyber breach analysis, network security configuration and penetration testing.
Dr. Robert Fearn (PhD) is an experienced Forensic Manager with a history of working in the law enforcement industry – both in the police force and in the legal sector. As well as a practical and intuitive understanding of the current threat landscape, he brings a strong research background to the Gridware team with a PhD from UNSW and contributes strongly to our thought leadership strategy.
Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.