The Remote Desktop Protocol (RDP) is one of the top tools utilized by cyber attackers to move laterally and exfiltrate data from a network before introducing their malicious software to perform internal reconnaissance, according to a new Vectra 2019 Spotlight Report on RDP.
RDP is used by IT system administrators to centrally control their remote systems with the same functionality as if they were local, and RDP is an even more vital tool for managed service providers (MSPs) in their management of hundreds of client networks and systems, notes the report. Three major attack scenarios in 2019 – an Iranian cyber-espionage group; a Chinese state sponsored actor; and a healthcare ransomware extortion scheme – leveraged RDP as part of the broader campaign, says the report.