Remote management services
In most ransomware cases I have encountered, attackers were able to leverage RDP to access and jump between servers inside a corporate network. Microsoft also states in its annual report, the Microsoft Digital Defense Report 2022 (https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022), that RDP is one of the main attack vectors in ransomware attacks.
Note
It’s a common joke that RDP stands for Ransomware Deployment Protocol, but there is some truth behind this. According to Shodan, there are over 4 million servers on the internet that have RDP enabled and are publicly accessible.
The issue with RDP is that it does not have any built-in MFA mechanism by default. You can, however, publish RDP with MFA via other Remote Desktop Services (RDS) features, such as RDS Gateway, which is part of Windows Server.
Using RDS Gateway to publish it externally, all RDP...