Cyber Security Alert
Attempted Unlawful Access to Networks
Threat: we have noted a trend where unlawful actors are attempting to gain access to remote desktop environments.
Why: from the remote desktop environment, a cyber-criminal can attain full access to network resources as well as anything that any user may have stored on the remote desktop server.
Identification: Common indicators of this attack are sluggish remote desktop behavior, dropped network connections or users being locked out of the remote desktop. These indicate that a third-party may be attempting to gain access to your network through a brute-force attack.
- Change the default ports for remote desktop.
- Ensure that password lockout policies are set, to include a max threshold of login attempts.
- Implement two factor authentication on RDP servers.
- Contact your Managed Security Services Provider (MSSP) who can provide you with means to protect against such threats.