RDP password attacks increase since COVID-19 onset

by Don Sharpe

  • Recent ESET telemetry data indicates an increase in RDP password attacks from December 1, 2019 to May 1, 2020.
  • Cyber gangs are targeting remote workers that use Windows RDP to connect to corporate IT systems.
Windows RDP attacks

Recent ESET telemetry data indicates an increase in RDP password attacks from December 1, 2019 to May 1, 2020. Over the same duration, COVID-19-related restrictions have compelled hundreds of millions of employees to work from home.

The vast majority of these workers have to remotely connect to their employers’ IT systems. Sadly though, their connections to corporate networks have become highly vulnerable attack vectors.

For example, attackers recently sent phishing emails to remote workers that connected to their organizations’ networks via VPNs.

Windows Remote Desktop Protocol (RDP) is also a target for cyber gangs, according to the ESET report.

RDP password attacks on the rise

Hackers are increasingly breaching RDP password security by launching multiple brute-force attacks. They’re targeting remote workers who use Windows RDP to connect to corporate IT systems.

In particular, the criminal gangs take advantage of weak password protection policies, says ESET.

That is probably also the reason why RDP has become such a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals typically brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions and then run ransomware to encrypt crucial company data.

ESET adds that most of the IPs it blocked between January and May 2020 were based in France, China, Russia, Germany, and the US.

On the other hand, many of the IP addresses that the cyber gangs targeted in their brute-force attacks were based in Hungary, Russia, Germany, and Brazil.

Once the gangs have obtained an organization’s RDP login credentials, they start elevating their system privileges to admin level. From there, they can have a field day deploying their malicious payloads.

Typically, brute-force attacks can pave the way for the deployment of ransomware or potentially unwanted apps, such as cryptominers.

If your organization runs any web-facing system, consider requiring strong or complex passwords to reduce the chances of a successful brute-force attack. Also, be sure to have ransomware protection in place.
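Strong passwords work best alongside monitoring for the brute-force pattern itself. The following is an added example, not code from the article or from ESET: it scans a CSV export of Windows Security logon events for bursts of failed logons from one source IP and for a successful logon that follows such a burst. The column names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv, io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a CSV export of Windows Security events (not real telemetry).
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive,
# 3 = Network (failed RDP logons are often recorded as type 3 when NLA is enabled).
SAMPLE = """TimeCreated,EventID,LogonType,IpAddress,TargetUserName
2020-05-01T09:00:00,4625,3,203.0.113.7,administrator
2020-05-01T09:00:05,4625,3,203.0.113.7,admin
2020-05-01T09:00:09,4625,3,203.0.113.7,backup
2020-05-01T09:00:14,4625,3,203.0.113.7,jsmith
2020-05-01T09:00:20,4625,3,203.0.113.7,jsmith
2020-05-01T09:00:31,4624,10,203.0.113.7,jsmith
2020-05-01T09:05:00,4625,10,198.51.100.20,mlee
2020-05-01T09:05:40,4624,10,198.51.100.20,mlee
2020-05-01T11:30:00,4625,10,198.51.100.20,mlee
"""

def detect_rdp_bruteforce(csv_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts for source IPs with >= threshold failed logons inside
    `window`, and for any later successful logon from an IP flagged that way."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)        # ip -> distinct usernames tried
    flagged, alerts = set(), []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: r["TimeCreated"])
    for r in rows:
        if r["LogonType"] not in ("3", "10"):
            continue                # ignore local, service and batch logons
        ip, ts = r["IpAddress"], datetime.fromisoformat(r["TimeCreated"])
        if r["EventID"] == "4625":
            q = failures[ip]
            q.append(ts)
            users[ip].add(r["TargetUserName"])
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(users[ip])))
        elif r["EventID"] == "4624" and ip in flagged:
            # A success from a flagged source is the event to escalate first.
            alerts.append(("success_after_bruteforce", ip, r["TargetUserName"]))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE):
        print(alert)
```

A single mistyped password followed by a successful logon, as in the second source address of the sample, produces no alert.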
