Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

by ethhack

The rush to enable employees to work from home in response to the COVID-19 pandemic resulted in more than 1.5 million new Remote Desktop Protocol (RDP) servers being exposed to the internet. The number of attacks targeting open RDP ports in the US more than tripled in March and April.

Not many companies have a big stock of unused managed laptops for employees to take home on short notice, especially for employees who used to do their jobs from workstations with custom legacy software that only runs on certain versions of Windows. With IT teams also having to work from home, managing on-premises servers remotely is another common problem companies have to solve.

As a technology that was built into Windows to enable the remote management of computers, RDP can be an easy fix for such problems, but it can also become a major weakness for organizations if deployed insecurely.

RDP a serious problem made worse

RDP is a frequent target for credential stuffing and other brute-force password guessing attacks that rely on lists of common username and password combinations or on credentials stolen from other sources. Some cybercriminals even specialize in selling hacked RDP credentials as a commodity on the underground market to other hackers, who use them to deploy ransomware and cryptominers or to engage in more sophisticated attacks that can lead to the theft of sensitive data and more extensive network compromises.
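On the defensive side, the password-guessing pattern described above shows up in Windows Security logs as bursts of failed logons (event 4625) from one source, sometimes followed by a success (event 4624). The following detector is an added example, not part of the original article; the simplified CSV record layout, the sample events and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 = RemoteInteractive (RDP);
# type 3 = Network, which is how failed RDP logons are recorded when NLA is enabled.
SAMPLE = """\
2020-04-02T09:00:01,4625,3,administrator,203.0.113.7
2020-04-02T09:00:03,4625,3,admin,203.0.113.7
2020-04-02T09:00:05,4625,3,user,203.0.113.7
2020-04-02T09:00:08,4625,3,test,203.0.113.7
2020-04-02T09:00:11,4625,3,backup,203.0.113.7
2020-04-02T09:00:14,4625,3,backup,203.0.113.7
2020-04-02T09:00:19,4624,10,backup,203.0.113.7
2020-04-02T09:10:00,4625,3,jsmith,198.51.100.20
2020-04-02T09:10:20,4625,3,jsmith,198.51.100.20
2020-04-02T09:10:45,4624,10,jsmith,198.51.100.20
2020-04-02T09:12:00,4624,2,svc_local,127.0.0.1
"""

RDP_LOGON_TYPES = {"3", "10"}  # type 3 also covers non-RDP network logons, so expect some noise


def parse(text):
    """Yield (time, event_id, user, ip) for logon events that can originate from RDP."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        if logon_type in RDP_LOGON_TYPES:
            yield datetime.fromisoformat(ts), event_id, user.lower(), ip


def detect(events, window=timedelta(minutes=5), max_failures=5):
    """Flag source IPs with >= max_failures failed logons inside a sliding window."""
    failures = defaultdict(list)  # ip -> [(time, user)] still inside the window
    findings = {}
    for ts, event_id, user, ip in sorted(events):
        if event_id == "4625":
            recent = [f for f in failures[ip] if ts - f[0] <= window] + [(ts, user)]
            failures[ip] = recent
            if len(recent) >= max_failures:
                hit = findings.setdefault(ip, {"failures": 0, "users": set(), "success_after": None})
                hit["failures"] = max(hit["failures"], len(recent))
                hit["users"] |= {u for _, u in recent}
        elif event_id == "4624" and ip in findings and findings[ip]["success_after"] is None:
            # A success from a source already flagged for guessing: treat the account as compromised.
            findings[ip]["success_after"] = user
    return findings
```

A flagged source with a non-empty `success_after` is the case to escalate first, since it suggests a guessed or stolen credential worked; the user who mistyped a password twice before logging in stays below the threshold.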

“McAfee ATR has noticed an increase in both the number of attacks against RDP ports and in the volume of RDP credentials sold on underground markets,” researchers from security firm McAfee said in a new report.

The company notes that the number of RDP ports exposed to the internet has grown from around 3 million in January to more than 4.5 million in March. More than a third of them are in the US and another third are in China. More than half of the machines with exposed RDP ports are running some version of Windows Server, but around a fifth run Windows 7, which is no longer supported and does not receive security updates. That’s a concern because in addition to often being configured with weak passwords, RDP has also seen its share of vulnerabilities and exploits over the years.

Copyright © 2020 IDG Communications, Inc.
