Hackers Compromising Over 100,000 Windows RDP Daily | RDP Attacks Growing

cyberchiranjit
Jul 10, 2020

First of all, what is RDP?

Remote Desktop Protocol (RDP) is a connection protocol developed by Microsoft to provide users with a graphical interface while connected to another computer over a network. The connecting user must deploy RDP client software, while the receiving computer must deploy RDP server software. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.

Now, you may wonder why hackers are attacking RDP during this lockdown. The reason is simple: because of the lockdown, a huge portion of employees are working remotely, using personal devices to access sensitive organization computers through Windows’ Remote Desktop Protocol (RDP). According to ESET telemetry reports, there is a gigantic uptick in the number of unique clients targeted via RDP brute-force attacks. These attack campaigns pose a serious risk because some organizations neglect to implement protection settings and employees use easy-to-guess passwords without any extra layer of protection such as 2FA. In the current circumstances, most people have begun working remotely, so usage of RDP and video communication platforms will be high.

✓ RDP Attack Growing ✓

Shodan already reported that “number of devices exposing RDP to the Internet has grown over the past month which makes sense given how many organizations are moving to remote work.”

The above picture shows the countries with the most brute-force attacks reported by ESET telemetry.

In RDP brute-force attacks, hackers scan the network using various tools (Nmap, Unicorn, Zenmap, etc.) to identify the IP addresses and port ranges used by RDP servers. Once RDP servers are found, attackers try various username and password combinations (also called password spraying, already covered on the www.instagram.com/RESETHACKER Instagram) to gain access to the RDP servers. If an attacker gains access to an RDP server, they can sell the RDP credentials on dark web forums, disable antivirus software, install malware, steal company data, encrypt files, and much more.
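On the defender's side, the guessing pattern described above shows up as bursts of failed logons from one source. The following is an added example, not part of the original post: a small detector run over constructed failed-logon records (Windows Security Event ID 4625). The CSV layout, thresholds and function names are assumptions, and it goes one step further than the text by separating repeated guesses against one account from one source trying many accounts.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon; logon type 10 = RemoteInteractive, 3 = Network (seen with NLA).
SAMPLE_EVENTS = """\
2020-07-10T09:00:00,4625,3,203.0.113.7,administrator
2020-07-10T09:00:05,4625,3,203.0.113.7,administrator
2020-07-10T09:00:09,4625,3,203.0.113.7,administrator
2020-07-10T09:00:14,4625,3,203.0.113.7,administrator
2020-07-10T09:00:20,4625,3,203.0.113.7,administrator
2020-07-10T09:01:00,4625,10,198.51.100.23,alice
2020-07-10T09:01:10,4625,10,198.51.100.23,bob
2020-07-10T09:01:20,4625,10,198.51.100.23,carol
2020-07-10T09:01:30,4625,10,198.51.100.23,dave
2020-07-10T09:01:40,4625,10,198.51.100.23,erin
2020-07-10T09:02:00,4625,10,192.0.2.50,frank
2020-07-10T09:02:30,4624,10,192.0.2.50,frank
2020-07-10T09:05:00,4625,2,192.0.2.60,grace
"""

def parse(text):
    """Yield (time, source_ip, user) for failed remote logons only."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        if event_id == "4625" and logon_type in ("3", "10"):
            yield datetime.fromisoformat(ts), ip, user.lower()

def detect(text, threshold=5, window=timedelta(minutes=5), spray_users=3):
    """Return {source_ip: verdict} for sources with >= threshold failures in a window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse(text):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            burst = events[start:end + 1]
            if len(burst) >= threshold:
                users = {u for _, u in burst}
                alerts[ip] = "password spraying" if len(users) >= spray_users else "brute force"
                break
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

A single mistyped password followed by a successful logon (the `frank` rows) and a local console failure (logon type 2) do not trigger an alert.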

Attacks on remote-access infrastructure (as well as collaboration tools) are unlikely to stop any time soon. So if you use RDP in your work, be sure to take all possible protection measures:

1. At the very least, use strong passwords.
2. Make RDP available only through a corporate VPN.
3. Use Network Level Authentication (NLA).
4. If possible, enable two-factor authentication.
5. If you don’t use RDP, disable it and close port 3389.
6. Use a reliable security solution.

Thank you for reading!

Instagram: www.instagram.com/cyberchiranjit

{Team RESETHACKER }
