Long story short, my older parents were recently scammed by someone pretending to be from a legitimate company, and in turn they gave them access to their computer through a bespoke RDP software client. The scammer convinced them to download and run the software, which enabled the scam and the subsequent financial loss. My question: can I implement a rule to stop all RDP traffic?
I appreciate that you can block the commonly used ports of well-known products (TeamViewer, AnyDesk, etc.), but these scammers are using custom software which doesn't follow the normal rules. Is it possible to block RDP traffic of all kinds? Perhaps through deep packet inspection, etc.?
This is a difficult situation, I'm sad to hear about your parents' issue.
But there's no rule that will stop social engineering; it's purely a human issue. You can try to block all known malicious ports, but then the perps will just use 443 or something else that you can't block without disconnecting the whole internet.
Maybe the rule you need to implement is "CALL ME! whenever anything outside your experience happens."
Thanks for your thoughts and input. I agree they need to improve their social defenses; my advice has always been "call me", but these scammers had a sophisticated plot that exploited a major data leak. The information from the data leak gave them more credibility than usual. But proving this may be difficult, as these large service providers have good lawyers.