Battling Bruteforce RDP Attacks


Kaspersky Lab recently blogged that their new Intrusion Detection System, which detects RDP (Remote Desktop Protocol) bruteforce attack attempts, has identified “dozens of thousands victims, +1000 unique detects each day since June 3rd.”

This isn’t a surprise. We know hackers target RDP connections – they have for years. 

RDP is a proprietary protocol developed by Microsoft that gives a user a graphical interface for connecting to another computer over a network connection. RDP was really designed for remote access on a local area network (LAN), so the security issue arises when support teams use RDP over the Internet to connect to off-network systems. That typically requires a VPN tunnel and firewall configurations that compromise security, such as opening the default listening port, TCP 3389. These open ports are easy for hackers to find through a simple Internet scan, and the login credentials are often shared and susceptible to bruteforce attacks.

According to the Kaspersky Lab post, “Hacking an RDP-connection is very lucrative: once an attacker gets login-password pair for RDP, he or she effectively owns the system where the RDP server is installed. Attackers can then plant malicious software in the affected system, exfiltrate data, etc. He (or she) also can gain access to your company internal network, given that the “penetrated” workstation is connected to it, or attempt to check out all of the passwords in the browser installed on the affected system. Opportunities are multiple, and the consequences can be dire.”
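For teams that still expose RDP, the bruteforce pattern described above is visible in failed-logon records. The following is an added example (not code from Kaspersky Lab or Bomgar) that counts failed logons, Windows Security event 4625, per source address in a sliding time window; the log line format, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified export of Windows Security events as
# "timestamp,event_id,logon_type,source_ip,username" (format is an assumption).
SAMPLE_LOG = """\
2024-01-15T02:14:01,4625,10,203.0.113.7,administrator
2024-01-15T02:14:09,4625,10,203.0.113.7,admin
2024-01-15T02:14:17,4625,10,203.0.113.7,backup
2024-01-15T02:14:20,4625,10,198.51.100.20,jsmith
2024-01-15T02:14:26,4625,10,203.0.113.7,support
2024-01-15T02:14:35,4625,3,203.0.113.7,administrator
2024-01-15T02:14:41,4624,10,198.51.100.20,jsmith
2024-01-15T02:14:44,4625,10,203.0.113.7,test
2024-01-15T09:00:00,4625,10,192.0.2.44,administrator
2024-01-15T09:10:00,4625,10,192.0.2.44,administrator
"""

# 4625 = failed logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (Network) is what failed RDP logons show when NLA is enabled.
FAILED_LOGON = "4625"
RDP_LOGON_TYPES = {"3", "10"}

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: peak failures inside one window} for every source
    that reaches `threshold` failed RDP logons within `window`."""
    recent = defaultdict(deque)   # source_ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue              # skip blank or malformed lines
        ts, event_id, logon_type, src, _user = parts
        if event_id != FAILED_LOGON or logon_type not in RDP_LOGON_TYPES:
            continue              # successes and non-RDP logons are ignored
        when = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures that aged out of the window
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, count in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed RDP logons within one minute")
```

A single user mistyping a password (198.51.100.20) and widely spaced failures (192.0.2.44) stay below the threshold; a slow attacker can also stay below it, so the window and threshold need tuning against real traffic.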

What is a surprise is how many IT departments—particularly those in security-conscious sectors, such as Government—still use RDP to remotely access and support systems. The reason is easy to understand: RDP requires no additional agent or software and it’s easy to use, particularly for server administration. That’s why IT keeps using it.

The team here at Bomgar asked ourselves, “What if you could easily access RDP-enabled machines both locally and remotely without complex firewall configurations or VPNs while keeping your network secure?” Turns out you can! Earlier this year, we introduced RDP Integration in Bomgar, which allows secure, remote access to RDP-enabled Windows machines through Bomgar, without compromising ease of use and security.

Adding Bomgar offers a number of benefits for RDP users:

  • Utilize a Bomgar Jumpoint to securely connect via RDP to remote networks without port forwarding or VPNs.
  • Remove RDP access to Server LAN Segments and install a Bomgar Jumpoint. 
  • Collaborate with multiple reps in RDP sessions.
  • Capture an audit trail of RDP sessions that occur through Bomgar.
  • Provide support from any desktop platform: Windows, Mac, or Linux.

So in addition to making hackers’ jobs harder, Bomgar’s integration for RDP makes it easier for you to support all of your RDP-enabled systems, while capturing a full audit trail of every action taken.

If you want to learn more, check out this webinar I recorded earlier this year. Or read more about Bomgar’s integration for RDP here.
