What it is
Remote Desktop Protocol (RDP) is a common way to connect to a Windows computer remotely. Though this can be useful, the protocol has a number of vulnerabilities that can be exposed when an RDP service is reachable from the internet.
RDP is a complex protocol that was not designed with modern internet security in mind, and it is one of the most common pathways that lead to ransomware attacks.
Internet-exposed services are an easy target for attackers. Two of the most common issues with internet-exposed RDP servers are:
- attackers using credentials they have obtained, or
- attackers exploiting an unpatched vulnerability in RDP itself, such as BlueKeep.
CERT NZ advice on BlueKeep
No matter how an attacker gains initial access, once they're in, they have a foothold on your network. This can lead to more damaging attacks, such as stealing or encrypting your business’ data.