Cybercriminals abused remote desktop protocol (RDP) in 90% of attacks, the highest incidence of RDP abuse since 2020, according toĀ theĀ latestĀ active adversary reportĀ byĀ Sophos.Ā Ā
The report,Ā based on analysis from more than 150 incident response (IR) cases handled by the Sophos X-Ops IR team in 2023, found that the most common root cause of attacks was external remote services such as RDP (65%).
āExternal remote services are a necessary, but risky, requirement for many businesses.Ā Attackers understandĀ the risksĀ these servicesĀ poseĀ and actively seek to subvert them due to the bounty that lies beyond them.Ā Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. ItĀ does notĀ take long for an attacker to find andĀ breach an exposed RDP server, and without additional controls, neither does finding theĀ Active Directory serverĀ that awaits on the other side,āĀ saidĀ John Shier,Ā field CTO at Sophos.
Managing risk
Shier posits that organisations must be proactive in managing risks to strengthen security amidst threats.
"An important aspect of managing security risks, beyond identifying and prioritising them, is acting on the information. Yet, for far too long, certain risks, such as open RDP continue to plague organisations, to the delight of attackers who can walk right through the front door of an organisation. Securing the network by reducing exposed and vulnerable services and hardening authentication will make organisations more secure overall and better able to defeat cyberattacks,ā said Shier.