RDP hijacking attacks explained, and how to mitigate them

Source
Advertisement


RDP hijacking definition

One means of compromising systems cherished by malware authors is Remote Desktop Protocol (RDP). It provides a convenient way for system administrators to manage Windows systems and help users with troubleshooting an issue.

RDP hijacking attacks often exploit legitimate features of the RDP service rather than purely relying on a vulnerability or password phishing. In fact, the WannaCry ransomware is known to enumerate remote desktop sessions in an attempt to hijack RDP sessions and execute malware on each session.

Advertisement