"Windows Remote Desktop Servers Now Used to Amplify DDoS Attacks"

Windows Remote Desktop Protocol (RDP) servers are being used by DDoS-for-hire services as an amplification vector in the execution of Distributed Denial-of-Service (DDoS) attacks. The Microsoft RDP service allows authenticated remote virtual desktop infrastructure (VDI) access to Windows servers and workstations. Attacks in which Windows RDP servers are used as amplifiers can result in the shutdown of an organization's remote-access services as well as additional service disruption due to state-table exhaustion of stateful firewalls, load balancers, and more. In order to mitigate the impact of these attacks, organizations should disable the vulnerable UDP-based service on Windows RDP servers or make the servers available only via a Virtual Private Network (VPN). This article continues to discuss DDoS-for-hire services' use of Windows RDP servers to amplify attacks and recommended mitigation measures.

BleepingComputer reports "Windows Remote Desktop Servers Now Used to Amplify DDoS Attacks"