Date: 2018-08-03

The recently reported hack of LabCorp – one of the largest blood testing labs in the U.S. – has raised some legitimate questions about the defense strategies of corporations in an era when cyber attacks can happen at any time. While there are probably many factors that led to the attack, it’s worth focusing on Windows Remote Desktop Protocol (RDP).

Targeting RDP

It’s not surprising that the hackers went after RDP. Windows services are very attractive as they are bound to an Active Directory domain for authentication. If multiple Active Directory domain trusts are badly configured, hackers can confirm credentials for internal and other restricted domains.

However, what IS surprising is that so many companies remain unaware of the risks that come with potentially exposing RDP over the Internet. Once hackers breach RDP, they can validate user accounts, guess passwords, and then infect multiple systems with ransomware like SamSam — which is what happened at LabCorp.
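To make the account-validation and password-guessing risk concrete from the defender's side, here is an added example (not from the original article) that scans failed-logon records shaped like Windows Security Event ID 4625 and flags source addresses hammering RDP. The sample records, the function name, the 10-minute window and the threshold of 5 are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event ID 4625 SubStatus values (NTSTATUS codes)
NO_SUCH_USER = "0xC0000064"  # account name does not exist
BAD_PASSWORD = "0xC000006A"  # account exists, wrong password
# Failed RDP logons appear as type 10 (RemoteInteractive) or, with
# Network Level Authentication enabled, as type 3 (Network).
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: (time, source IP, user, logon type, SubStatus)
SAMPLE = (
    [(f"2018-07-14 02:00:0{i}", "203.0.113.7", u, 3, s) for i, (u, s) in enumerate([
        ("admin1", NO_SUCH_USER), ("test", NO_SUCH_USER), ("jsmith", BAD_PASSWORD),
        ("scanner", NO_SUCH_USER), ("backup", NO_SUCH_USER)])]
    + [(f"2018-07-14 03:1{i}:00", "198.51.100.23", "svc_lab", 10, BAD_PASSWORD)
       for i in range(5)]
    + [("2018-07-14 09:15:00", "10.0.0.5", "jsmith", 10, BAD_PASSWORD),  # one typo
       ("2018-07-14 09:20:00", "10.0.0.9", "jsmith", 2, BAD_PASSWORD)]   # console, not RDP
)

def flag_rdp_guessing(records, window=timedelta(minutes=10), threshold=5):
    """Return {source_ip: finding} for sources with >= threshold RDP
    logon failures inside any sliding window."""
    by_ip = defaultdict(list)
    for ts, ip, user, logon_type, sub in records:
        if logon_type in RDP_LOGON_TYPES:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            by_ip[ip].append((when, user, sub))
    findings = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = fails[start:end + 1]
            if len(burst) >= threshold:
                # BAD_PASSWORD is only logged for accounts that exist,
                # so these are the real accounts under attack.
                real = sorted({u for _, u, s in burst if s == BAD_PASSWORD})
                bad_pw = sum(1 for _, _, s in burst if s == BAD_PASSWORD)
                kind = ("password guessing" if bad_pw * 2 >= len(burst)
                        else "account enumeration")
                findings[ip] = {"kind": kind, "failures": len(burst),
                                "real_accounts_targeted": real}
                break
    return findings
```

A source that spaces its attempts wider than the window stays under this threshold, so a per-account daily count is a useful second rule alongside it.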

Via the fine folks at Devolutions.