Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  RDP used in fileless attacks
NextPrevious

RDP used in fileless attacks

News | 23 December, 2019 | 1

Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware.

A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine.  This appears as a network share to the server device at \\tsclient.  An attacker who was able to establish an RDP connection could then exfiltrate data by copying it to that share or execute a program on the server from an EXE file located on that share (on the client device).  If malware is executed from the client share, it leaves no forensic fingerprints on the servers disk – making it an effective form of fileless attack.

These standard abilities of RDP are very useful to support staff, but a powerful attack vector if abused.  Security researchers at Bitdefender provide a detailed analysis in their recent report.

Exploitation of this attack vector – which is a design feature not a vulnerability – requires valid login details for  an authenticated RDP session.  In the examples cited in the research report, it is thought that RDP accounts had been compromised by a brute force attack.  Another good reason to ensure strong passwords and VPN-only connectivity is used to protect access to RDP servers and limit it to only authorised users.

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
cyber security news, RDP, security breach

Related Post

  • BA record £183m fine for data breach

    By Mark Faithfull

    The record fine of £183,000,000 for a UK data breach signals a new era for the economics of information security. The first fine issued by the UK’s Information Commissioners Office (ICO) under the GDPR regimeRead more

  • What is Cable Haunt?

    By Mark Faithfull

    Cable Haunt is a vulnerability in millions of cable modems which allows an attacker to execute arbitrary code on the modem. This vulnerability is interesting for two reasons – firstly the scale due to theRead more

  • SQLite remote code execution vulnerability

    By Mark Faithfull

    A remote code execution vulnerability has been discovered in SQLite, dubbed Magellan 2.0 by the research team that discovered it. Tencent’s Blade security research team has published some details of a remote code execution vulnerability thatRead more

  • Citrix users face attack as RCE vulnerability is probed

    By Mark Faithfull

    When Positive Technologies reported a serious flaw in a core element of the Citrix architecture just before Christmas, they predicted up to 80,000 businesses could be at risk. If that vulnerability is exploited, attackers obtain directRead more

  • Travelex offline due to cyber-attack

    By Mark Faithfull

    In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline asRead more

NextPrevious

Recent Posts

  • Infrastructure Patching Problems
  • Internet Explorer zero-day RCE attack
  • Microsoft advises SIEM to help defend RDP
  • What is SIEM?
  • What is Cable Haunt?

Tags

blockchain Bluetooth Chrome Cisco credential stuffing CREST cyber crime cyber essentials cyber security cyber security news Data Protection Dell DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel Linux MacOS Meltdown microsoft OAuth patching PDF penetration testing phishing ransomware RDP Row Hammer security breach security testing SIEM Spectre supply chain attacks Sysinternals TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more