Criminals Exploit Pandemic with Brute-Force RDP Attacks


ESET is the latest security company to notice a sharp spike in RDP-based hacks over the last few months. The anti-malware company spotted a rise in the number of brute-force attacks using the remote access protocol, and said that cyber-criminals have been using it to distribute ransomware.

The Remote Desktop Protocol is a proprietary Microsoft protocol that allows people to access Windows from outside the network. Companies often leave their RDP ports open without taking proper security measures, ESET warned. That can lead to malware infections.

The company has tied the spike in attacks to the COVID-19 pandemic. With lots of office workers forced to log in from home, RDP has become a common way for them to access machines back at the office, it explained. It distributed a graph showing daily attacks against unique clients rising from just under 30,000 in December to over 100,000 during May.

ESET created a new detection layer that spots repeated login attempts from external environments. It adds offending IP addresses to a blacklist that it uses to protect all of its clients. For that to work, though, companies must enable the Network Level Authentication (NLA) RDP option on their servers. This is something that Microsoft has already recommended in the past as a protection against the BlueKeep worm that emerged last year, which exploited a vulnerability in RDP.
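The general idea of counting repeated failed logins from external addresses and feeding a blocklist can be sketched as below; this is an added example, not ESET's code or detection logic. The threshold, window, internal ranges, function names and sample events are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not taken from the article: tune to your environment.
THRESHOLD = 5                       # failed logons tolerated per window
WINDOW = timedelta(seconds=60)      # sliding window length
# Windows Security event 4625 = failed logon. Logon type 10 is RemoteInteractive
# (RDP); with NLA enabled, failed RDP logons are recorded as type 3 (Network).
FAILED_LOGON, RDP_LOGON_TYPES = 4625, {3, 10}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    """True when the source address is outside the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def build_blocklist(events, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: time the threshold was reached} for external sources."""
    recent = defaultdict(deque)     # per-source timestamps still inside the window
    blocked = {}
    for ts, event_id, logon_type, src in sorted(events):
        if event_id != FAILED_LOGON or logon_type not in RDP_LOGON_TYPES:
            continue
        if src in blocked or not is_external(src):
            continue
        attempts = recent[src]
        attempts.append(ts)
        while ts - attempts[0] > window:    # expire attempts older than the window
            attempts.popleft()
        if len(attempts) >= threshold:
            blocked[src] = ts
    return blocked

# Constructed sample events: (timestamp, event id, logon type, source IP).
T0 = datetime(2020, 5, 1, 3, 0, 0)
def burst(src, count, step_s, event_id=FAILED_LOGON):
    return [(T0 + timedelta(seconds=i * step_s), event_id, 3, src) for i in range(count)]

SAMPLE_EVENTS = (
    burst("203.0.113.7", 8, 5)          # external, 8 failures in 35 s: blocked
    + burst("198.51.100.20", 3, 20)     # external, 3 failures: under threshold
    + burst("192.168.1.50", 10, 2)      # internal host: out of scope here
    + burst("198.51.100.99", 6, 120)    # failures 2 min apart: window expires
    + burst("203.0.113.7", 1, 0, event_id=4624)  # successful logon: ignored
)

if __name__ == "__main__":
    for ip, when in build_blocklist(SAMPLE_EVENTS).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

In practice the event tuples would come from the Security event log of the RDP host or from a SIEM export rather than from an inline list.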

Other things you can do to protect yourself against RDP attacks include disabling the protocol altogether if you don’t need it, the company says, or at least creating access control lists that limit the number of users allowed to connect directly over the internet. Use strong, complex passwords for all accounts, along with multi-factor authentication, it advises. If possible, use a VPN gateway to broker all connections from outside your local network. We covered some protection techniques in April.

ESET isn’t the only company to have noticed a rise in RDP-based attacks. In March, Shodan noticed an uptick in the number of devices exposing RDP to the internet. A month later, Kaspersky reported the same thing, warning that the number of Bruteforce.Generic.RDP attacks had “rocketed across almost the entire planet” since March.

The problem of exposed RDP is so bad that the FBI even warned about it in 2018, and reportedly sent out another warning this month to K–12 schools in the US about an increase in RDP-based ransomware attacks during the pandemic.


All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)