The Surge in RDP-Based Attacks
The number of cyber-attacks on Remote Desktop Protocol (RDP) servers has increased amid the COVID-19 pandemic, as a significant number of employees are now working from home.
To reach Windows workstations and servers remotely, companies have been relying on RDP, which is Microsoft's proprietary protocol. As a result, there has been an increase in brute-force attacks, with hackers taking advantage of the pandemic to attack corporate assets accessible to remote workers.
The number of RDP ports exposed to the internet increased from around 3,000,000 in January 2020 to more than four and a half million in March, McAfee found after running various searches. In these attacks, the cybercriminals try to break in over RDP by attempting all possible credential combinations until they hit the right one. Analysts explained that the username and password combinations tried are based on random characters or on popular or compromised passwords.
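As an added example (not part of the original article), this is one way a defender can spot that guessing pattern in logon records. The record field names, sample events, threshold and window are assumptions; event IDs 4625/4624 and logon types 3/10 are the standard Windows Security log values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; with NLA, failures often log as 3
FAILED, SUCCESS = 4625, 4624  # Windows Security log event IDs

def _ev(sec, event_id, ip, user, logon_type=10):
    """Build one constructed record; field names are assumptions for this example."""
    return {"time": datetime(2020, 3, 1, 9, 0) + timedelta(seconds=sec),
            "event_id": event_id, "ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample data (documentation IP ranges), not real logs.
GUESSED = ["administrator", "admin", "administrator", "backup", "admin", "administrator"]
SAMPLE_EVENTS = (
    [_ev(i * 10, FAILED, "203.0.113.7", u, 3) for i, u in enumerate(GUESSED)]
    + [_ev(70, SUCCESS, "203.0.113.7", "administrator")]       # success after burst
    + [_ev(0, FAILED, "198.51.100.20", "jsmith"),               # user mistyping,
       _ev(3600, FAILED, "198.51.100.20", "jsmith"),            # an hour apart
       _ev(3700, SUCCESS, "198.51.100.20", "jsmith")]
    + [_ev(i, FAILED, "192.0.2.9", "svc", 2) for i in range(10)]  # console, not RDP
)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for IPs with >= threshold failures inside window."""
    failures = defaultdict(list)  # ip -> [(time, user)] still inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, when = ev["ip"], ev["time"]
        if ev["event_id"] == FAILED:
            failures[ip].append((when, ev["user"]))
            failures[ip] = [(t, u) for t, u in failures[ip] if when - t <= window]
            if len(failures[ip]) >= threshold:
                f = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": None})
                f["failures"] = max(f["failures"], len(failures[ip]))
                f["users"].update(u for _, u in failures[ip])
        elif ev["event_id"] == SUCCESS and ip in findings:
            # A logon that succeeds after a flagged burst may be a guessed password.
            findings[ip]["success_after"] = findings[ip]["success_after"] or ev["user"]
    return findings

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f["failures"], sorted(f["users"]), f["success_after"])
```

A source that is flagged and then logs on successfully deserves the first look, since that sequence is what a guessed password produces.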
How to Prevent RDP-Based Hacks?
First, exposing RDP directly to the internet is not the best security practice. Slow patching can leave vulnerable servers open to compromise through an RDP attack. RDP should only be available after first connecting to the company's VPN.
The speed with which everyone went into lockdown due to COVID-19, along with the need to keep business moving, resulted in some shortcuts being taken, which compromised security. Setting up Remote Desktop without a corporate VPN or an RDP Gateway to connect to first is a recipe for disaster, and it's only a matter of time before the network is compromised.