
DETECTION OVERVIEW

Unconventional RDP Data Transfer

Risk Factors

The Remote Desktop Protocol (RDP) is a common target for attackers because it provides remote access to a Windows device. If an attacker gains access to a poorly secured RDP device, they can easily transfer data. Unusual data transfers can be associated with risky activity such as sharing malicious files between compromised devices or data staging, which is the process of collecting and preparing data for exfiltration. Depending on the sensitivity of the transferred files, the impact can be devastating if important, proprietary, or customer data is leaked.

The system might change the risk score for this detection.

Kill Chain

Actions on Objective

Risk Score

60

Attack Background

N/A

Mitigation Options

Disable RDP unless required

Implement microsegmentation by adding secure zones based on the zero-trust security model: partition network traffic with endpoint firewalls, virtual or software-defined networks, or physical networks

Review access controls to ensure that only necessary users can connect to remote access services

Review authentication methods and enforce policies for secure credential creation and multi-factor authentication

MITRE ATT&CK ID
