The 2019 Vectra Spotlight report disclosed that the Remote Desktop Protocol (RDP) is a widely exposed and vulnerable attack surface and will likely continue in the near future due to the protocol’s prevalent use. Vectra research reveals 90% of surveyed organizations exhibit a form of malicious Remote Desktop Protocol (RDP) behaviors. The Spotlight Report indicates manufacturing industry experienced the highest volume of suspicious RDP behaviors.
This resource is not yet available. It will be published soon so stay tuned!
September 25, 2019
Cyberattackers characteristically follow the path of least resistance to achieve their objectives. They will attempt to use existing administrative tools before they introduce new malicious software to perform internal reconnaissance, move laterally and exfiltrate data from a network.
One of the most popular administrative tools is RDP, which is used by IT system administrators to centrally control their remote systems with the same functionality as if they were local. RDP is an even more vital tool for managed service providers (MSPs) in their management of hundreds of client networks and systems.
According to the Vectra 2019 Spotlight Report on RDP, from January-June 2019, the company’s Cognito platform detected 26,800 suspicious RDP behaviors in more than 350 deployments. Data from Vectra confirms that RDP remains a very popular technique for cyberattackers, with 90% of these deployments exhibiting RDP attacker behavior detections.
The 2019 Spotlight Report on RDP is based on the analysis of data in the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviors and trends in networks from a sample of more than 350 opt-in Vectra deployments from January-June 2019. The Attacker Behavior Industry Report provides statistical data about behaviors that attackers exhibit while trying to blend in with existing network traffic and mask their malicious actions.