

Remote Desktop Services is a component of Microsoft Windows that is used by various companies for the convenience it offers to systems administrators, engineers and remote employees. On the other hand, Remote Desktop Services, and specifically the Remote Desktop Protocol (RDP), offers this same convenience to remote threat actors during targeted system compromises.

Historically, non-exposed systems protected by firewall and NAT rules were generally considered not to be vulnerable to inbound RDP attempts; however, threat actors have increasingly started to subvert these enterprise controls through network tunneling and host-based port forwarding. As a result, FireEye has observed threat actors using native Windows RDP utilities to connect laterally across systems in compromised environments. Threat actors continue to prefer RDP for its stability and functionality advantages over non-graphical backdoors, which can leave unwanted artifacts on a system. When malware is removed from the equation, intrusions become increasingly difficult to detect. Once sophisticated threat actors have established a foothold and acquired ample logon credentials, they may switch from backdoors to direct RDP sessions for remote access.
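A practical consequence of tunneled or locally port-forwarded RDP is that, on the destination host, the session appears to originate from the host itself rather than from a remote network address. The following is an added detection example, not code from the original post or from FireEye: it scans simplified session-logon records and flags RDP sessions whose source address is a loopback address. Event IDs 21 (session logon) and 25 (session reconnect) are the real Microsoft-Windows-TerminalServices-LocalSessionManager event numbers, but the record layout, the field names and the sample values are constructed for this example and are not a real log export.

```python
import ipaddress

# Constructed, simplified records modelled on the fields of the
# TerminalServices-LocalSessionManager operational log. The field names
# ("event_id", "user", "session_id", "source") and all values are
# assumptions for this example, not a real log export.
SAMPLE_EVENTS = [
    {"event_id": 21, "user": "CORP\\admin01",    "session_id": 2, "source": "10.20.30.40"},
    {"event_id": 21, "user": "CORP\\svc_backup", "session_id": 3, "source": "127.0.0.2"},
    {"event_id": 25, "user": "CORP\\jdoe",       "session_id": 4, "source": "::1"},
    {"event_id": 21, "user": "CORP\\localuser",  "session_id": 1, "source": "LOCAL"},
    {"event_id": 23, "user": "CORP\\admin01",    "session_id": 2, "source": "10.20.30.40"},
    {"event_id": 21, "user": "CORP\\vpnuser",    "session_id": 5, "source": "::ffff:127.0.0.1"},
]

# Session logon (21) and session reconnect (25) are the events that carry
# the "Source Network Address" of an RDP session.
RDP_SESSION_EVENTS = {21, 25}


def is_loopback_source(source: str) -> bool:
    """Return True when the source address is the local host itself.

    For an RDP session this means the connection was delivered through a
    local listener (a tunnel endpoint or a port-forwarding rule) instead of
    arriving directly over the network. Console sessions are logged with the
    literal value "LOCAL" and carry no network address, so they are not
    treated as tunneled.
    """
    if source.strip().upper() == "LOCAL":
        return False
    try:
        addr = ipaddress.ip_address(source.strip())
    except ValueError:
        # Unparseable value: do not guess, leave it for other analytics.
        return False
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so 127.0.0.0/8 is still caught.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_loopback covers the whole 127.0.0.0/8 range and ::1, not just 127.0.0.1.
    return addr.is_loopback


def find_tunneled_rdp(events):
    """Return the RDP session events whose source address is loopback."""
    return [
        e for e in events
        if e["event_id"] in RDP_SESSION_EVENTS and is_loopback_source(e["source"])
    ]


if __name__ == "__main__":
    for hit in find_tunneled_rdp(SAMPLE_EVENTS):
        print(f"session {hit['session_id']}: {hit['user']} from {hit['source']} "
              f"(event {hit['event_id']}) - RDP source is loopback, review for tunneling")
```

The heuristic is deliberately narrow: a loopback source on a session logon or reconnect event is unusual for interactive RDP and is worth reviewing, while console logons ("LOCAL") and ordinary remote addresses are ignored. Checking the whole 127.0.0.0/8 range and IPv4-mapped IPv6 forms matters because a local forwarder can bind to any loopback address, not only 127.0.0.1.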

