Hackers love Windows' Remote Desktop

Remote Desktop is a big vulnerability

Maybe you use Microsoft’s Remote Desktop feature to connect to your workstation at work from…anywhere. Remote Desktop has been in Windows for 20 years at no extra cost. The network administrator at my target reviews the workstation’s logs through Windows’ Event Viewer. This screenshot is from my research honeypot.


Attackers see Windows' Remote Desktop is open. They pound away until they stumble across a password that works.

Someone is trying to log in to this virtual machine at a ferocious pace.

The unlucky soul who has to read these logs finds login attempts are international. My perusal shows login attempts from five IP addresses:

211.72.1.31 in Taipei, Taiwan

24.142.48.215 in Dartmouth, Canada

87.147.195.55 in Olching, Germany

47.185.77.29 in Keller, Texas

91.234.125.163 in Sosnicowice, Poland

Assuming it is one hacker who either employed a botnet (a series of computers simultaneously tasked with a large task) or is running multiple VPN connections, he will eventually succeed. He is trying to log in with the user accounts Administrator, win and userid60307. He will eventually succeed when:

1. Administrator, win or userid60307 uses one of the simple passwords from page 17 of https://howhackshappen.com.

2. The hacker stumbles across the correct password in his wordlist.

3. Assuming Daphne Prancer uses this workstation, the hacker tries logging in as Daphne with the password 2018Prius (also from https://howhackshappen.com).

Get ready for some math

This attack may go on indefinitely. “How ferocious is this attack?” you may ask. Get ready for some math. I counted how many times Event ID 4625 occurred in one minute. The answer is…105. Yes, I counted 105 failed logins within 60 seconds. Do the math and you’ll find a rate of 151,200 failed login attempts a day. Do more math and you’ll find a rate of 55,188,000 attempts a year. The hacker will eventually succeed. I did not launch this attack. I checked the logs and found someone else is doing my work for me.
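The count above can be automated instead of done by eye. The following is an added example, not code from the article or the book: it tallies Event ID 4625 records in the XML form the Windows event log exports, groups them by minute, source address and account, and extrapolates the peak minute the same way the paragraph does. The sample events, the function names and the 10-per-minute alert threshold are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": NS_URI}

def make_event(ts, user, ip, event_id=4625):
    """Build one constructed Security-log record in Windows event XML form."""
    return (f'<Event xmlns="{NS_URI}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample: 105 failed logons (4625) inside one minute, cycling through
# the source addresses and account names listed in the article, plus one
# successful logon (4624) from a documentation-range address that must be ignored.
IPS = ["211.72.1.31", "24.142.48.215", "87.147.195.55",
       "47.185.77.29", "91.234.125.163"]
USERS = ["Administrator", "win", "userid60307"]
SAMPLE = [make_event(f"2020-01-01T12:00:{i * 60 // 105:02d}.000Z",
                     USERS[i % 3], IPS[i % 5]) for i in range(105)]
SAMPLE.append(make_event("2020-01-01T12:00:30.000Z", "Daphne", "192.0.2.10", 4624))

def summarize_failed_logons(xml_events, alert_per_minute=10):
    """Tally 4625 events per minute, source IP and account; extrapolate the peak."""
    per_minute, by_ip, by_user = Counter(), Counter(), Counter()
    for raw in xml_events:
        ev = ET.fromstring(raw)
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue  # only failed logons count toward the rate
        ts = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        data = {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)}
        per_minute[ts[:16]] += 1  # bucket by YYYY-MM-DDTHH:MM
        by_ip[data.get("IpAddress", "-")] += 1
        by_user[data.get("TargetUserName", "-")] += 1
    peak = max(per_minute.values(), default=0)
    return {
        "peak_per_minute": peak,
        "per_day": peak * 60 * 24,          # same extrapolation as the article
        "per_year": peak * 60 * 24 * 365,
        "alert": peak >= alert_per_minute,  # assumed threshold, tune per site
        "by_ip": by_ip,
        "by_user": by_user,
    }

if __name__ == "__main__":
    for key, value in summarize_failed_logons(SAMPLE).items():
        print(key, value)
```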

--

Content from How Hacks Happen and how to protect yourself. Visit https://howhackshappen.com and view three chapters online for FREE today or visit https://www.amazon.com/How-Hacks-Happen-protect-yourself/dp/0983576920/. By Mark Anthony Germanos, of https://cybersafetynet.net/about-cyber-safety-net/.
