Friday, September 28, 2018

FBI ALERT: 9/27/18

I-092718-PSA "RDP Warning needs to be heeded".

Questions regarding this PSA should be directed to your local FBI Field Office.

Local Field Office Locations: www.fbi.gov/contact-us/field.  

ISSUE: Use of Remote Desktop Protocol as an attack vector has been on the rise since mid-2016

RDP, or Remote Desktop Protocol, is being exploited by attackers to conduct malicious activity, the FBI warns in its public service announcement of September 27th, 2018. Members, clients and others are advised to reach out to their local FBI office for information concerning this public service announcement.

Definitions:  Remote Desktop Protocol (RDP) is a proprietary network protocol that allows an individual to control the resources and data of a computer over the Internet. This protocol provides complete control over the desktop of a remote machine by transmitting input such as mouse movements and keystrokes and sending back a graphical user interface. In order for a remote desktop connection to be established, the local and remote machines need to authenticate via a username and password. Cyber actors can infiltrate the connection between the machines and inject malware or ransomware into the remote system. Attacks using the RDP protocol do not require user input, making intrusions difficult to detect.

Some Suggestions For Protection:

  1. Audit your network for systems using RDP for remote communication
  2. Verify all cloud-based virtual machine instances with a public IP do not have open RDP ports, specifically port 3389, unless there is a valid business reason to do so.  Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access it through a firewall.
  3. Apply two-factor authentication, where possible
  4. Apply system and software upgrades regularly
  5. Maintain a good back-up strategy
  6. Enable logging and ensure logging mechanisms capture RDP logins.  Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
For additional recommendations see the PSA.
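
One way to carry out the log review in suggestion 6, shown as an added example that is not part of the PSA or of this post: it reads exported Windows Security log rows (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive) and flags failed-logon bursts, a success that follows a burst, and RDP logons from outside the internal range. The CSV layout, the threshold and window values, the 10.0.0.0/8 internal range and the sample rows are all assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample export (not real data): time, event ID, logon type, source IP, account
SAMPLE_LOG = """\
2018-09-27T02:10:01,4625,10,203.0.113.50,administrator
2018-09-27T02:10:09,4625,10,203.0.113.50,admin
2018-09-27T02:10:15,4625,3,203.0.113.50,administrator
2018-09-27T02:10:22,4625,10,203.0.113.50,backup
2018-09-27T02:10:30,4625,10,203.0.113.50,administrator
2018-09-27T02:11:02,4624,10,203.0.113.50,administrator
2018-09-27T08:30:00,4625,10,10.0.4.17,jsmith
2018-09-27T08:30:20,4624,10,10.0.4.17,jsmith
2018-09-27T09:00:00,4624,10,198.51.100.7,svc-remote
"""

FAILED, SUCCESS = "4625", "4624"        # Windows Security log: failed / successful logon
FAILED_TYPES = {"10", "3"}              # 10 = RemoteInteractive; 3 assumed to cover NLA failures
WINDOW = timedelta(minutes=10)          # assumed tuning value
THRESHOLD = 5                           # assumed tuning value
INTERNAL = [ip_network("10.0.0.0/8")]   # assumed internal/VPN address range


def review_rdp_logons(text):
    """Return sorted (source_ip, finding) tuples; rows must be in time order."""
    failures = defaultdict(list)        # source IP -> failed-logon timestamps
    findings = set()
    for ts, event_id, logon_type, src, _account in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(ts)
        recent = [t for t in failures[src] if when - t <= WINDOW]
        if event_id == FAILED and logon_type in FAILED_TYPES:
            failures[src].append(when)
            if len(recent) + 1 >= THRESHOLD:
                findings.add((src, "failed-logon burst"))
        elif event_id == SUCCESS and logon_type == "10":
            if len(recent) >= THRESHOLD:
                findings.add((src, "success after failed-logon burst"))
            if not any(ip_address(src) in net for net in INTERNAL):
                findings.add((src, "logon from outside internal ranges"))
    return sorted(findings)


if __name__ == "__main__":
    for src, finding in review_rdp_logons(SAMPLE_LOG):
        print(f"{src}: {finding}")
```

A success that follows a failed-logon burst from the same address is the finding to triage first, since it may indicate a guessed password.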

1 comment:

Unknown said...

InfraGard members should be contacting their NYC Metro FBI InfraGard Coordinator. All others call the general information number at the NYC FBI Field Offices.