eScan launches new TSPM Technology to block RDP hacking attacks

With the growing complexity of cyber-attacks, enterprises are spending millions to avoid cyber-crime. However, bad security practices, such as the use of elementary passwords for system access, create the most vulnerable opportunity for cybercriminals.
By: Microworld Technologies Inc

NOVI, Mich. - Oct. 6, 2017 - PRLog -- With the growing complexity of cyber-attacks, enterprises are spending millions to avoid cyber-crime. However, bad security practices, such as the use of elementary passwords for system access, create the most vulnerable opportunity for cybercriminals. In such scenarios, cybercriminals use brute-force attacks to take control of a network. Based on "National Exposure Index" report by Rapid7, 73% of Indian RDP servers are exposed to brute-force attacks and ranks 18th on the Global Index.

In the last 2 months, eScan has noted that most ransomware attacks could be attributed to cybercriminals using rogue RDP sessions to take control of servers and injecting ransomware in order to extort ransom from unsuspecting companies. The attackers execute this methodically, taking all possible steps to proactively disable real-time monitoring technology and/or uninstall any anti-malware products installed on the said endpoints.

IT administration and management of assets is a tedious task for every organization. To simplify troubleshooting and maintenance, IT administrators make use of various remote access technologies, such as Remote Desktop Protocol (RDP), to access the graphical interface of another computer over a network connection.

It is to be noted that the security of RDP is limited to strong passwords and a secure connection by way of implementing TLS so as to mitigate various forms of brute-force/password guessing attacks or MITM attacks.

Due to various reasons, not every organization implements password policies, and in many cases, it is the user who has to choose their own password. Furthermore, password reuse is another area of concern which has to be addressed.

Usage of RDP:

To facilitate Centralized Management of computers, organizations implement RDP and access these systems either through LAN or Internet. In order to protect RDP enabled systems from outsiders, VPN might be implemented but in a majority of cases, Administrators configure the firewall to open up RDP for the systems they would want to manage remotely.

RDP Attacks:

Pen-testing platforms such as Kali offer RDP brute-force and exploit tools, which are being specifically used for targeting Internet-facing RDP systems. A brute-force attack generates large numbers of failed login notifications, which are logged. However, users are not even aware of the ongoing brute-force attack, since the attack need not take place while the user is logged in and working on the system.

1: Although failed RDP authentications are subject to log audits, users are never alerted when attackers succeed in breaching security. This has resulted in a rise in brute-force attacks on RDP sessions.

2: Due to the fact that users were never aware of the on-going RDP authentications, the perpetrators in all the cases were able to gain complete control of the system.

3: Attackers upon successful exploitation would implement backdoors or pivot to other systems and in some cases infect the systems with Ransomware.

TSPM – Terminal Services Protection Module:

eScan's Terminal Services Protection Module (TSPM) not only detects these brute-force attempts but also heuristically identifies suspicious IP addresses and hosts and blocks any access attempts from them. To safeguard systems from future attacks, those IP addresses and hosts are banned from initiating any further connections to the system.
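
An added example, not eScan's TSPM code and not part of the original release: the failed-logon burst described under RDP Attacks, detected per source IP with a sliding window, plus an alert when a flagged address then logs on successfully. The simplified log format, threshold, window and sample events are constructed assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: time, Windows Security event ID, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Addresses are documentation ranges.
SAMPLE_EVENTS = """\
2017-10-06T02:00:01 4625 203.0.113.7 administrator
2017-10-06T02:00:03 4625 203.0.113.7 administrator
2017-10-06T02:00:05 4625 203.0.113.7 admin
2017-10-06T02:00:08 4625 203.0.113.7 backup
2017-10-06T02:00:11 4625 203.0.113.7 administrator
2017-10-06T02:00:15 4624 203.0.113.7 administrator
2017-10-06T09:00:00 4625 198.51.100.20 jsmith
2017-10-06T09:30:00 4625 198.51.100.20 jsmith
2017-10-06T09:31:00 4624 198.51.100.20 jsmith
"""

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (ips_to_ban, alerts) from whitespace-separated event lines."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    banned, alerts = set(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        stamp, event_id, ip, account = parts
        when = datetime.fromisoformat(stamp)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            while q and when - q[0] > window:
                q.popleft()       # forget failures outside the window
            if len(q) >= threshold:
                banned.add(ip)
        elif event_id == "4624" and ip in banned:
            # A logon that succeeds after a burst of failures is the case
            # that must reach an administrator, not just the audit log.
            alerts.append((stamp, ip, account))
    return banned, alerts

if __name__ == "__main__":
    banned, alerts = analyze(SAMPLE_EVENTS)
    print("ban:", sorted(banned))
    for stamp, ip, account in alerts:
        print(f"ALERT {stamp}: {ip} logged on as {account} after brute-force burst")
```

The second address in the sample, with two failures half an hour apart, stays below the threshold and is neither banned nor alerted on.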

As mentioned earlier, attackers are known to try to uninstall security applications from compromised systems in order to cover their tracks and stop administrators from being alerted to the breach. eScan TSPM detects and stops these attempts too; moreover, administrators are alerted about the preventive measures initiated by TSPM.

In the present landscape where attackers are trying to exploit every known weakness be it unpatched systems or inability of the users/administrators to maintain password hygiene, eScan's TSPM would protect the systems/organizations from such attacks.

About eScan:

eScan is an ISO (27001) certified pure-play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provide proactive protection against ever-evolving cyber threats. eScan provides a 24x7 free remote support facility that gives its esteemed users real-time solutions for security-related issues.

For more information -

Media Contact
39555 Orchard Hill Place, Suite 600
Novi, MI 48375