In response to research findings that indicate the number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, a cybersecurity expert offers perspective.
In response to research findings that indicate the number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, a cybersecurity expert offers perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accomodate a remote workforce due to COVID-19. In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home.
However, this all accumulates as technical debt, one that the criminals are well aware of, and which would lead them to increase their attacks. It is why a culture of security within an organisation is important, so that all employees can make better security decisions regardless of the technologies that are available. That being said, exposing RDP directly to the internet is never a good idea, even less so where it is only secured with a password.
Organisations should only use RDP where no better alternative is available, and even then, they should enforce strong passwords, MFA, and enhance monitoring of connections.
It\’s worth bearing in mind though, that even when these security controls are put in place, criminals can still get in by social engineering the users. Especially during this time where many are working remotely from home, it has become easier for criminals to masquerade as the IT helpdesk to either phish credentials, or persuade users to download malicious files. Which is why security awareness and training should also form a critical component of any layered defensive strategy.
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equates to more opportunity for the bad guys.
Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as Bluekeep, or weak passwords on devices. The prevention method is to ensure that you apply the latest patches on all devices and introduce good, strong and, ideally, centrally-managed password hygiene.
Leaving RDP unpatched, with a simple password, is like going out and leaving the front door of the house unlocked and open. It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.