ARTICLE
27 January 2021

Cyberattacks Directed At 33,0000 Microsoft Remote Desktop Protocol Servers (RDP)!

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
BankInfoSecurity.com reported "that researchers have identified about 33,000 vulnerable Microsoft RDP servers that could be abused by threat actors to boost their DDoS attacks.
United States Technology

BankInfoSecurity.com reported “that researchers have identified about 33,000 vulnerable Microsoft RDP servers that could be abused by threat actors to boost their DDoS attacks. RDP is a proprietary Microsoft communications protocol that system administrators and employees use to remotely connect to corporate systems and services.” The January 25, 2021 report entitled “DDoS Attackers Exploit Vulnerable Microsoft RDP Servers” included these comments about Netscout's research:

Netscout researchers have identified about 33,000 vulnerable Microsoft RDP servers that could be abused by threat actors to boost their DDoS attacks. RDP is a proprietary Microsoft communications protocol that system administrators and employees use to remotely connect to corporate systems and services.

Microsoft RDP can be configured by Windows systems administrators to run on TCP port 3389 or UDP port 3389, according to the report.

The researchers found that when the Microsoft RDP service is configured to UDP port 3389, attacks could amplify network packets from vulnerable ports and redirect that traffic to targeted IP addresses, increasing the size of a DDoS attack at little cost, according to the report.

In some cases, the Netscout researchers found an amplification ratio of 85.9:1, which means that for every 10 gigabytes per second of requests directed at an RDP server, the threat actors could redirect 860 gigabytes per second of network traffic at the targeted IP address as part of the DDoS attack, the report notes.

"Observed attack sizes range from ~20 Gbps - ~750 Gbps," according to the Netscout report. "As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, RDP reflection/amplification has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population."

Please consider how critical this report is!

Originally Published by Ogletree Deakins, January 2021

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More