Windows RDP servers are compromised for DDoS attacks
Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks. RDP is a part of the Microsoft Windows OS that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers. System administrators can configure RDP to run on TCP port 3389 and/or UDP port 3389.
Attackers can send the amplified attack traffic, which is comprised of non-fragmented UDP packets that originate at UDP port 3389, to target a particular IP address and UDP port of choice, researchers said.
As per Netscout, attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected to the target of a DDoS attack, amplified in size, resulting in junk traffic hitting the target's system and it allows attackers with access to limited resources to launch large-scale DDoS attacks by amplifying junk traffic with the help of internet exposed systems.’
This is what security researchers call a DDoS amplification factor, and it allows attackers with access to limited resources to launch large-scale DDoS attacks by amplifying junk traffic with the help of internet exposed systems.
Netscout is now asking system administrators who run RDP servers exposed on the internet to take systems offline, switch them to the equivalent TCP port, or put the RDP servers behind VPNs in order to limit who can interact with vulnerable systems.
Currently, Netscout said it is detecting more than 33,000 RDP servers exposed online and running on UDP port 3389.
Tech Mahindra with ThoughtSpot to offer Scalable and AI-Driven Analytics
Tech Mahindra and ThoughtSpot have announced a partnership to offer AI (Artificial Intelli...
Chennai researcher awarded ₹36 lakh from Microsoft
Microsoft has awarded a Chennai-based security researcher approximately Rs 36 lakh for spo...
Addverb Technologies opens "Bot-Valley", INR 75 Cr. Robots manufacturing facility
Addverb Technologies has inaugurated its world class manufacturing facility “Bot-Val...
Micro Focus charges up for Flagship Customer Event, Micro Focus Universe 2021
Micro Focus has reinforced its ongoing commitment to help customers win in the digital eco...
World Leadership Congress recognises Kamal Nath as 'CEO of the Year'
Sify Technologies Limited (NASDAQ: SIFY), India’s most comprehensive ICT solutions p...