H3-2022-0003

Remote Desktop Protocol (RDP) Port Exposed to the Internet

Description

The Remote Desktop Protocol (RDP) port is exposed to the internet. Attackers would exploit this misconfiguration by using brute-force attacks where they attempt numerous username and password combinations, often using lists of common usernames and passwords or credentials stolen from other data breaches. This form of attack is known for its simplicity and effectiveness in gaining unauthorized access to systems.

Impact

By exploiting this misconfiguration, attackers could gain remote access to your internal network, allowing them to deploy malicious software like ransomware or cryptominers, steal sensitive data, or cause more extensive network compromises.

References

• CSO Online
• MITRE ATT&CK Technique: T1133: External Remote Services