RDP Brute-Force Attacks Increase Since the Start of COVID-19

The Rise of RDP Exposure

According to recent reports, the number of brute-force attacks focused on Remote Desktop Protocol (RDP) endpoints has dramatically increased since the start of the COVID-19 pandemic.

As countries implemented quarantines and stay-at-home orders, more companies started deploying RDP systems online. This resulted in a 41.5% increase in “the number of devices exposing RDP to the internet via RDP’s default TCP port 3389.”

More RDP Brute-Force Attacks

Attackers continually rely on brute-force attacks to obtain credentials that have remote desktop access. As more remote workers connected to the corporate network in recent months, the attack surface available to cybercriminals grew.

“Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet,” said Dmitry Galov at Kaspersky. RDP endpoints have been heavily targeted by ransomware attackers. Notably, 2019 gave rise to the infamous BlueKeep vulnerability, which allowed attackers to remotely take control of an unpatched connected device.

That’s why it’s critical for businesses to adopt security measures to protect themselves when using RDP, as well as other potential attack vectors.

How Syxsense Combats Brute-Force Attacks

Attackers and RDP vulnerabilities are no match when you have vulnerability scanning with Syxsense on your side.

Syxsense helps you reduce the likelihood of brute-force success by knowing about weak passwords and sub-standard user account policies.

Keep your environment locked down with our Policy Compliance scripts:
  • Brute-force attacks occur when an attacker endlessly tries passwords
  • When you have at-home devices in a network with other non-corporate devices
  • Passwords set to any of the standard, easily hacked passwords like “Password”
  • Passwords Unchanged: Are accounts used with unchanged passwords? Simple passwords or passwords which have not been changed are a high risk
  • User Login Analytics: Has an account not been logged in to within a reasonable period of time?
  • Users Never Used: Has an account never been used? Accounts which are never used are often planted for later “Zero-Day” attacks
  • Password Never Expires: Has an account's password been set to never expire?
  • Password Not Required: Blank passwords are the easiest to hack
  • Administrator Account in Use: Has the recommended policy of renaming the Administrator account been actioned?
  • Multiple Login Attempts: Multiple login attempts provide trace evidence of a “brute-force attack”
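
As an added illustration (not Syxsense's Policy Compliance scripts), the account checks in this list can be run by hand on a single Windows host with built-in PowerShell cmdlets. The three thresholds and the finding labels are assumed values chosen for the example.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows host being audited.
# Thresholds are assumed values; tune them to your own policy.
$StaleDays     = 90    # no logon in this many days = stale account
$MaxPwdAgeDays = 365   # password older than this = "unchanged"
$FailThreshold = 10    # failed logons per source/user pair in the window
$now = Get-Date

# Account policy checks: one row per local account with at least one finding.
Get-LocalUser | ForEach-Object {
    $f = @()
    if (-not $_.PasswordRequired) { $f += 'PasswordNotRequired' }
    # PasswordExpires is empty when the password is set never to expire.
    if ($_.PasswordLastSet -and -not $_.PasswordExpires) { $f += 'PasswordNeverExpires' }
    if ($_.PasswordLastSet -and $_.PasswordLastSet -lt $now.AddDays(-$MaxPwdAgeDays)) {
        $f += 'PasswordUnchanged'
    }
    if (-not $_.LastLogon) {
        $f += 'NeverUsed'
    } elseif ($_.LastLogon -lt $now.AddDays(-$StaleDays)) {
        $f += 'StaleLogin'
    }
    # The built-in Administrator always has RID 500, whatever it is named.
    if ($_.SID.Value -like '*-500' -and $_.Name -eq 'Administrator') {
        $f += 'AdministratorNotRenamed'
    }
    if ($f) {
        [pscustomobject]@{ Name = $_.Name; Enabled = $_.Enabled; Findings = $f -join ', ' }
    }
} | Format-Table -AutoSize

# Multiple login attempts: failed logons (event ID 4625) in the last 24 hours,
# grouped by source address and target account.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $now.AddHours(-24) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{ Source = $d['IpAddress']; User = $d['TargetUserName'] }
    } |
    Group-Object Source, User |
    Where-Object Count -ge $FailThreshold |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Reading the Security log requires administrator rights, and failed-logon events are only recorded when logon failure auditing is enabled on the host.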

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.