Over 100k Daily Brute-force Attacks On RDP In Pandemic Lockdown – Expert Reaction

In response to research findings that indicate the number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, a cybersecurity expert offers perspective.

Experts Comments

June 30, 2020
Laurence Pitt
Global Security Strategy Director
Juniper Networks
Attacks using RDP are not a new problem, but one made worse by the number of RDP ports that have been exposed to the internet in recent months. According to some statistics, they have increased by around 50%. More ports equate to more opportunity for the bad guys. Reducing the risk of attack is not complicated, as these attacks are either taking advantage of well-known existing exploits, such as BlueKeep, or weak passwords on devices. The prevention method is to ensure that you apply the latest patches on all devices and introduce good, strong and, ideally, centrally-managed password hygiene. Leaving RDP unpatched, with a simple password, is like going out and leaving the front door of the house unlocked and open. It is an invitation for anyone walking by to pop in, take what they want and mess up everything else.
June 30, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
RDP has been a popular attack vector for many years now, but this has increased even more ever since IT teams had to accommodate a remote workforce due to COVID-19. In an attempt to keep the show on the road, many IT teams would have enabled RDP in addition to relaxing security controls in order to allow employees to work unhindered from home. However, this all accumulates as technical debt, one that the criminals are well aware of, and which would lead them to increase their attacks. It is why a culture of security within an organisation is important, so that all employees can make better security decisions regardless of the technologies that are available. That being said, exposing RDP directly to the internet is never a good idea, even less so where it is only secured with a password. Organisations should only use RDP where no better alternative is available, and even then, they should enforce strong passwords, MFA, and enhance monitoring of connections. It's worth bearing in mind though, that even when these security controls are put in place, criminals can still get in by social engineering the users. Especially during this time where many are working remotely from home, it has become easier for criminals to masquerade as the IT helpdesk to either phish credentials, or persuade users to download malicious files. Which is why security awareness and training should also form a critical component of any layered defensive strategy.
