Expert Comments

Over 100k Daily Brute-force Attacks On RDP In Pandemic Lockdown – Expert Reaction

Expert(s): Security Experts
Expert(s): Security Experts

In response to research findings that indicate the number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, a cybersecurity expert offers perspective.

Experts Comments

Dot Your Expert Comments
Laurence Pitt
June 30, 2020
Global Security Strategy Director
Juniper Networks

It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys. Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the.....Read More
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys. Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the latest patches on all devices and introduce good, strong and, ideally, centrally-managed password hygiene. Leaving RDP unpatched, with a simple password, is like going out and leaving the front door of the house unlocked and open. It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.  Read Less
Javvad Malik
June 30, 2020
Security Awareness Advocate
KnowBe4

Security awareness and training should also form a critical component of any layered defensive strategy.
RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accomodate a remote workforce due to COVID-19. In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home. However, this all accumulates as technical debt, one that the criminals are well aware of, and which would lead them to increase their attacks. It is why .....Read More
RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accomodate a remote workforce due to COVID-19. In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home. However, this all accumulates as technical debt, one that the criminals are well aware of, and which would lead them to increase their attacks. It is why a culture of security within an organisation is important, so that all employees can make better security decisions regardless of the technologies that are available. That being said, exposing RDP directly to the internet is never a good idea, even less so where it is only secured with a password. Organisations should only use RDP where no better alternative is available, and even then, they should enforce strong passwords, MFA, and enhance monitoring of connections. It's worth bearing in mind though, that even when these security controls are put in place, criminals can still get in by social engineering the users. Especially during this time where many are working remotely from home, it has become easier for criminals to masquerade as the IT helpdesk to either phish credentials, or persuade users to download malicious files. Which is why security awareness and training should also form a critical component of any layered defensive strategy.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords