Threat: we have noted a trend where unlawful actors are attempting to gain access to remote desktop environments.

Why: from the remote desktop environment, a cyber-criminal can attain full access to network resources as well as anything that any user may have stored on the remote desktop server.

Identification: Common indicators of this attack are sluggish remote desktop behavior, dropped network connections or users being locked out of the remote desktop.  These indicate that a third-party may be attempting to gain access to your network through a brute-force attack.

Solution:

1. Change the default ports for remote desktop.
2. Ensure that password lockout policies are set, to include a max threshold of login attempts.
3. Implement two factor authentication on RDP servers.
4. Contact your Managed Security Services Provider (MSSP) who can provide you with means to protect against such threats.