Configuring security for a remote, but not distant future

Remote Work Is Here – Is Your Security Ready?

As remote work becomes the norm, securing your infrastructure is more important than ever. RDP (Remote Desktop Protocol) security is a critical concern for IT teams managing remote access, especially with the increased reliance on RDP during global events like the COVID-19 pandemic. Misconfigured RDP settings and weak credentials continue to be a primary attack vector for cybercriminals.

Attackers often exploit vulnerabilities such as BlueKeep (CVE-2019-0708), or gain access through brute force, phishing, and credential stuffing. Once inside a system via RDP, they operate with administrator-level privileges. From there, they may disable backups, shut off security tools, clear logs, and install ransomware, cryptominers, or remote control software to maintain persistence.

One high-profile example is the GandCrab ransomware, which targeted Managed Service Providers (MSPs) via RDP to reach a broader victim base. Its successor, Sodinokibi, continued using similar tactics, demonstrating just how dangerous insecure RDP configurations can be.

Government agencies worldwide, including the FBI, UK NCSC, and Australia’s ACSC, have issued multiple warnings about growing RDP threats. BlueKeep, in particular, exposed thousands of legacy systems to wormable exploits. Even after Microsoft released patches, many outdated systems remained vulnerable.

To enhance RDP security, organizations must take immediate steps: use strong authentication methods, limit access, patch known vulnerabilities, and monitor RDP logs for unusual activity. ESET offers a free tool to help detect systems at risk from BlueKeep, which is especially useful for identifying legacy machines still in operation.
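As an illustration of the log-monitoring step, the following added example (not from the original article or from ESET) flags brute-force patterns in Windows Security logon events: failed logons (event 4625) from one source inside a sliding window, and any successful logon (event 4624) that follows. The record field names, thresholds and sample data are assumptions, and because logon type 3 also covers other network logons such as SMB, a real deployment would filter further.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 10 = RemoteInteractive (RDP); 3 = Network, which is how failed RDP logons
# are usually recorded when Network Level Authentication is enabled.
RDP_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed logons (4625) inside a sliding
    window, and record the first successful logon (4624) that follows."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)      # ip -> every account name that failed from it
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue              # console, service and batch logons are out of scope
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = recent[ip]
            q.append(ev["time"])
            tried[ip].add(ev["user"])
            while ev["time"] - q[0] > window:
                q.popleft()       # drop failures that aged out of the window
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"ip": ip, "first_alert": ev["time"],
                                             "peak_failures": 0, "users": tried[ip],
                                             "success_after": None})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif ev["event_id"] == 4624 and ip in findings:
            # A success after a burst of failures is a likely compromise.
            findings[ip]["success_after"] = findings[ip]["success_after"] or ev["user"]
    return list(findings.values())

def _ev(hms, event_id, logon_type, ip, user):
    t = datetime.strptime("2020-04-01 " + hms, "%Y-%m-%d %H:%M:%S")
    return {"time": t, "event_id": event_id, "logon_type": logon_type, "ip": ip, "user": user}

# Constructed sample records (documentation IP ranges, made-up account names).
SAMPLE = [
    _ev("09:00:05", 4625, 3, "198.51.100.7", "jsmith"),     # one mistyped password
    _ev("09:00:40", 4624, 10, "198.51.100.7", "jsmith"),
    _ev("09:14:01", 4625, 3, "203.0.113.45", "administrator"),
    _ev("09:14:03", 4625, 3, "203.0.113.45", "admin"),
    _ev("09:14:05", 4625, 3, "203.0.113.45", "backup"),
    _ev("09:14:08", 4625, 3, "203.0.113.45", "administrator"),
    _ev("09:14:10", 4625, 3, "203.0.113.45", "svc_sql"),
    _ev("09:14:12", 4625, 3, "203.0.113.45", "administrator"),
    _ev("09:14:15", 4624, 10, "203.0.113.45", "administrator"),
    _ev("09:20:00", 4625, 2, "-", "jsmith"),                # local console failure
]
```

Calling `find_rdp_bruteforce(SAMPLE)` returns a single finding for 203.0.113.45; the user who mistyped a password once and the local console failure are not flagged.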

Securing RDP isn’t optional. It’s essential for maintaining control, protecting sensitive data, and preventing financially devastating attacks. Make RDP hard to reach, hard to break, and easy to monitor.
