RPC is a widely used protocol for communication between systems in enterprise networks. It’s also a prime target for attackers.
An RPC attack leverages the remote procedure call (RPC), a protocol that allows one computer program to request a service or execute a procedure on another program located on a remote computer. Enterprises use it so networked systems can communicate and perform operations without requiring detailed knowledge of the other program’s structure or specifics of the network.
While RPC is widely used to simplify communication between operating systems, it also poses a significant vulnerability that attackers can leverage. In RPC attacks, attackers exploit the protocol to gain unauthorized access, escalate privileges, or execute malicious code on a remote system.
Attackers abuse RPCs to conduct various malicious activities such as:
Attackers use RPC because it’s often harder to detect than a port sweep or port scan, which lets them fly under the radar while conducting reconnaissance. For this reason, RPC server vulnerabilities are frequently exploited to gain details about network shares, services, users, and other resources.
RPC attacks are a serious security concern due to RPC's broad functionality and network accessibility. By monitoring network activity, applying patches promptly, and using tools like the Vectra AI Platform to monitor for signs of RPC abuse, cybersecurity professionals can reduce the risk of these threats. That’s why Vectra AI provides AI-driven detections like RPC recon and RPC targeted recon — to identify when attackers appear to be using the RPC protocol to gather information on network resources so SOC teams can stop them fast.
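To make the monitoring idea concrete, the sketch below flags hosts whose RPC calls look like enumeration of shares, users, or accounts. It is an added example, not Vectra AI's detection logic; the record layout (simplified from Zeek's `dce_rpc.log` fields), the "recon" and "targeted" definitions, the thresholds, and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Enumeration-style operations from MS-SAMR, MS-SRVS and MS-LSAD, keyed as
# (endpoint, operation). The list is illustrative, not exhaustive.
ENUM_OPS = {
    ("samr", "SamrEnumerateUsersInDomain"), ("samr", "SamrEnumerateGroupsInDomain"),
    ("srvsvc", "NetrShareEnum"), ("srvsvc", "NetrSessionEnum"),
    ("lsarpc", "LsarEnumerateAccounts"),
}

# Constructed sample records: (epoch_seconds, source, target, endpoint, operation)
SAMPLE = [
    (100, "10.0.0.5", "10.0.1.10", "srvsvc", "NetrShareEnum"),
    (120, "10.0.0.5", "10.0.1.11", "srvsvc", "NetrShareEnum"),
    (150, "10.0.0.5", "10.0.1.12", "srvsvc", "NetrSessionEnum"),
    (200, "10.0.0.7", "10.0.1.20", "samr", "SamrEnumerateUsersInDomain"),
    (205, "10.0.0.7", "10.0.1.20", "samr", "SamrEnumerateGroupsInDomain"),
    (210, "10.0.0.7", "10.0.1.20", "lsarpc", "LsarEnumerateAccounts"),
    (0, "10.0.0.8", "10.0.1.10", "srvsvc", "NetrShareEnum"),
    (4000, "10.0.0.8", "10.0.1.11", "srvsvc", "NetrShareEnum"),
    (8000, "10.0.0.8", "10.0.1.12", "srvsvc", "NetrShareEnum"),
    (300, "10.0.0.9", "10.0.1.30", "srvsvc", "NetrShareEnum"),
    (301, "10.0.0.9", "10.0.1.30", "srvsvc", "NetrShareGetInfo"),
]

def find_rpc_recon(records, window=300, min_targets=3, min_ops=3):
    """Return {source: "recon" | "targeted"} for sources over a threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, endpoint, op in records:
        if (endpoint, op) in ENUM_OPS:
            by_src[src].append((ts, dst, op))
    findings = {}
    for src, calls in by_src.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            # Slide the window so it spans at most `window` seconds.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            ops_per_dst = defaultdict(set)
            for _, dst, op in calls[start:end + 1]:
                ops_per_dst[dst].add(op)
            if len(ops_per_dst) >= min_targets:  # breadth: many hosts queried
                findings[src] = "recon"
                break
            if any(len(ops) >= min_ops for ops in ops_per_dst.values()):
                findings[src] = "targeted"  # depth: one host queried many ways
    return findings
```

On the sample, 10.0.0.5 is reported as "recon" and 10.0.0.7 as "targeted", while the slow, spread-out caller and the single share lookup stay below the thresholds; in practice the thresholds need tuning against administrative tools that enumerate legitimately.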