[CoIT-Security] Cybersecurity Advisory - Elevated Risk to Open RDP Ports (TLP: GREEN)

CoIT Security coit-security at lists.onenet.net
Fri Oct 27 11:39:00 CDT 2017 

CoIT Members:

Cybersecurity Advisory

>>>>>>>>>>>>

Cyber threat actors are leveraging open Remote Desktop (RDP) ports to compromise systems and also spread ransomware.  Access to systems over RDP has been reported through brute force, dictionary, and stolen credentials compromised and sold on the dark web.  This is a elevated risk indicating active efforts against public and private sectors.

Recommendation:
Block all public access to RDP: 3389 TCP/UDP or RDP custom defined port/application.

Best Practices:

The following list includes self-protection strategies against ransomware campaigns targeting RDP/3389:



*         Back up data regularly

*         Verify integrity of back up process

*         Keep software updated

*         Use strong passwords to protect RDP credentials

*         If possible, use two factor authentication

*         Audit who accesses RDP

*         Establish whitelist access for RDP

*         Consider disabling RDP if not in use

*         Change RDP port from 3389 to another unused port

*         Block RDP via firewall

*         Audit logs for all remote connection protocols

*         Audit logs to ensure all new accounts were intentionally created

*         Scan for open or listening ports, and mediate


Administrative Note This product is marked TLP:GREEN. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP: GREEN information may not be released outside of the community.

If you have questions about this advisory, please let me know.

Thanks,
April Goode MBA SPP
Director of OneNet Strategic Planning and Communications

[OneNetBluBlk_rgb]
Learn how OneNet powers weather prediction at the National Weather Center.<https://onenet.net/national-weather-center-tour/>
Oklahoma State Regents for Higher Education
655 Research Parkway Suite 200
Oklahoma City, OK 73104
P 405.225.9251
F 405.225.9250
Toll-free 888.5.ONENET
april at onenet.net<mailto:april at onenet.net>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20171027/a2efad94/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 13484 bytes
Desc: image001.png
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20171027/a2efad94/attachment-0001.png>

More information about the CoIT-Security mailing list