Author Topic: hacking with remote desktop and lack of detection from avast  (Read 1424 times)

0 Members and 1 Guest are viewing this topic.

Offline wojkal91

  • Newbie
  • *
  • Posts: 1
hacking with remote desktop and lack of detection from avast
« on: September 23, 2020, 04:49:08 PM »
Hello,


Few days ago i found out that someone was trying to hack my PC with remote desktop service. I declined any remote connections and thought everything was alright.

Today i noticed suspicious activity, opened firewall to check permissions and i saw this:


Is there any way to find out if my PC is hacked or any other connected device? Router maybe?
What can i do to prevent further hacking? For now i disabled all connections and put all those computers on blacklist but Im not sure if its enough.


EDIT: also on my firewall permissions i had like 3 pages of connections including audio and video streaming, virtual host, virtual router but sadly I didnt take screenshot.


Halp! :<
« Last Edit: September 23, 2020, 04:53:02 PM by wojkal91 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: hacking with remote desktop and lack of detection from avast
« Reply #1 on: September 23, 2020, 05:53:56 PM »
Witam wojka91,

Check your RDP is updated fully. Working at home raises the risks of Brute Force Attacks.
Check wheter your OS is fully updated.  Were you working your RDP in a public place (airport etc.).

Read here: https://www.techrepublic.com/article/how-to-combat-cyberattacks-that-exploit-microsofts-remote-desktop-protocol/

Do not allow RDP connections over the open internet.
Use complex passwords as well as multifactor authentication.
Lock out users and block or timeout IPs that have too many failed logon attempts.
Use an RDP gateway.
Limit Domain Admin account access.
Minimize the number of local admins.
Use a firewall to restrict access.
Enable restricted Admin mode.
Enable Network Level Authentication (NLA).
Ensure that local administrator accounts are unique and restrict the users who can logon using RDP.
Consider placement within the network.
Consider using an account-naming convention that does not reveal organizational information.

pozdrawiam,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!