Indeed, never use RDP over the Internet... in fact, many people would even say to simply turn off RDP completely, as it's simply not a protocol designed with security in mind and RDP has had a long history of being attacked. Here are just some of the RDP exploits published, and you can simply Google to find many more RDP issues:
- April 2, 2021, Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities https://arstechnica.com/gadgets/2021/04/feds-say-hackers-are-likely-exploiting-critical-fortinet-vpn-vulnerabilities/?amp=1
- May 21, 2020, RDP issue published: Windows malware opens RDP ports on PCs for future remote access (reported by Sentinel Labs) https://www.zdnet.com/article/windows-malware-opens-rdp-ports-on-pcs-for-future-remote-access/
- May 14, 2020, there is news on "Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable": https://thehackernews.com/2020/05/reverse-rdp-attack-patch.html
- 5, 2019, The FortiGuard Labs team recommends that customers immediately apply the latest patches from Microsoft for CVE-2019-0708 on any affected machines, and where possible, also disable RDP completely. BLUEKEEP RDP ATTACKS ARE STARTING: https://www.fortinet.com/blog/threat-research/bluekeep-rdp-attacks-starting-patch-now.html
- 27, 2018, The Public Service Announcement (PSA) warned “CYBER ACTORS INCREASINGLY EXPLOIT THE REMOTE DESKTOP PROTOCOL (RDP) TO CONDUCT MALICIOUS ACTIVITY,” outlining issues around outdated RDP versions with a flawed encryption mechanism, unrestricted access to the default RDP port
If you are using RDP over VPN, please make sure you constantly monitor and patch your VPNs, and ensure you have MFA... Gartner, Zscaler, Palo Alto Networks, Fortinet, etc. are all pitching Zero Trust (& SASE / SSE) to bypass VPN nowadays... it's also because VPN was never designed to support a remote workforce and the proliferation of SaaS apps (O365, Teams, Zoom, Salesforce, etc.). VPN is also constantly under attack:
Gartner’s analysis predicts that by 2023, 60% of enterprises will phase out their remote access VPN in favor of Zero Trust Network Access solutions.

Zero trust is about "trust no one, and verify everyone." The corporate perimeter is already broken, as most of the apps we use are in the cloud (Office365, Teams / Slack, Zoom, Salesforce, RingCentral, Google Workspace, Freshdesk, ServiceNow, NetSuite, etc.). SSO / a password vault (adding the latest passwordless FIDO2 trend) should play a critical role in securing user access across various
- October 14, 2020, SonicWall VPN Portal Critical Flaw (CVE-2020-5135) https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/
- March 13, 2020: Department of Homeland Security (DHS) has warned, ”As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.”
- September 24, 2020, Feds Hit with Successful Cyberattack, Data Stolen. The attack featured unique, multistage malware and a likely Pulse Secure VPN exploit. https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a
- May 16, 2019: FortiClient installer DLL Hijacking Vulnerability https://www.fortiguard.com/psirt/FG-IR-19-060 Manual updates of FortiClient required ASAP.
- 2019 and 2020, CISA published alerts on "Continued Exploitation of Pulse Secure VPN Vulnerability" https://us-cert.cisa.gov/ncas/alerts/aa20-010a
IMO, VPN gives excessive trust (unless you segment the networks, and also monitor device security posture, etc.). We believe it would be much better for MSPs/IT to rely on a zero trust, secure remote access solution like Splashtop to provide a scalable, reliable, cloud-based remote access solution that's constantly monitored and automatically updated. No more manual updating and patching of VPN and RDP.
millions on security yearly and invests in regular penetration testing. Has built-in device auth & 2FA. SSO option available. Our infrastructure includes 24x7 security monitoring/alerts... Furthermore, VPN with backhauling of traffic (unless doing split tunneling) introduces lots of performance challenges. It's faster, safer, and cost-effective to leverage Splashtop.