23 January 21, 10:17
Quote:Cybercriminals can exploit Microsoft Remote Desktop Protocol (RDP) as a powerful tool to amplify distributed denial-of-service (DDoS attacks), new research has found.
Attackers can abuse RDP to launch UDP reflection/amplification attacks with an amplification ratio of 85.9:1, principal engineer Roland Dobbins and senior network security analyst Steinthor Bjarnason from Netscout said in a report published online this week.
However, not all RDP servers can be used in this way. It’s possible only when the service is enabled on port UDP port 3389 running on standard TCP port 3389, researchers said.
Netscout so far has identified more than 14,000 “abusable” Windows RDP servers that can be misused by attackers in DDoS attacks—troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic.
This risk was highlighted earlier this week when researchers identified a new malware variant dubbed Freakout adding endpoints to a botnet to target Linux devices with DDoS attacks.
Read more: https://threatpost.com/threat-actors-can...ks/163248/