[Whitepaper] RDP Attacks Explained

RDP (Remote Desktop Protocol) is a protocol that provides a connection to a remote machine. RDP is widely used by remote workers. Its usage rate is increased because of the coronavirus. This is not the only reason why attackers prefer attacking this service. Attackers are able to execute commands remotely or even sometimes gain control of the GUI of the target machine.

 

Brute force attacks on RDP can be made via automated tools if the RDP port is open. This attack is useful when the usernames and passwords are easy to guess and related to the target’s private life (name, city, pet name, etc.).

 

BlueKeep vulnerability (CVE-2019-0708) provides attackers to execute commands remotely on the target machine. This vulnerability is popular and can be found in the Metasploit exploit module.

 

There are 103 CVE Records for RDP vulnerabilities.