Examines the security vulnerabilities associated with remote desktop protocols and services. Covers common attack vectors such as brute force attacks, credential stuffing, and exploitation of exposed RDP ports, along with mitigation strategies and secure remote access alternatives.
posts
Port 3389: The Door You Left Wide Open In January 2024, the FBI and CISA issued a joint advisory warning that the Phobos ransomware group had been exploiting exposed Remote Desktop Protocol (RDP) services to breach organizations across government, healthcare, education, and critical infrastructure. The attackers didn't use
In September 2023, the FBI and CISA issued a joint advisory warning that the Play ransomware group had compromised over 300 organizations — and their most common initial access vector was exposed Remote Desktop Protocol. That's not a sophisticated zero-day exploit. That's a login screen sitting wide
An Open Door You Didn't Know You Left Unlocked In August 2021, the FBI and CISA issued a joint advisory warning that threat actors exploiting Remote Desktop Protocol (RDP) was the single most common initial access vector in ransomware attacks. Not phishing emails. Not zero-day exploits. RDP. The
A Single Exposed RDP Port Cost One Hospital Everything In 2023, a regional hospital in Illinois discovered that attackers had been inside their network for over three weeks. The entry point? A single Remote Desktop Protocol (RDP) port left open to the internet. The threat actors used brute-forced credentials to
In 2023, the FBI's Internet Crime Complaint Center flagged Remote Desktop Protocol (RDP) as one of the top three initial access vectors for ransomware incidents. That wasn't a surprise to anyone who monitors Shodan — the search engine that indexes internet-facing devices. On any given day, you
