The U.S. Federal Bureau of Investigation (FBI) today warns of an increase in the number of hacks carried out via Remote Desktop Protocol (RDP). According to the agency, millions of endpoints are not only directly accessible but also highly vulnerable to attack.

RDP was developed by Microsoft in the nineties and lets users log on to another computer and interact with it through a graphical interface, using mouse and keyboard. RDP is rarely used on home computers, but relatively often on workstations in business networks, where it lets system administrators reach a device they cannot visit in person.

Increase in open RDP connections

In its report, the FBI writes that the number of computers with an open RDP connection, and therefore reachable from the Internet, has increased since mid-2016. That matches figures from various security companies. For example, Rapid7 reported at the beginning of 2016 that there were nine million RDP-enabled devices on the Internet and eleven million by 2017.

Of course, hackers are also aware of these issues, which is why there has been an increase in the number of incidents over the past few years in which hackers have been able to access a network via an open RDP connection. In fact, over the past three years, dozens of ransomware programs have been developed specifically for hackers who abuse RDP connections.

Multiple exploits

There are more or less three ways in which hackers can access devices if they want to abuse RDP. The easiest case is when a system administrator opens RDP but does not set a password, which allows hackers to simply log in to devices without entering one. If there is a password, hackers can use a brute-force attack to guess it. The third method involves a scan of the Internet, after which hackers abuse code to log in via the RDP protocol.
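The brute-force route described above leaves a recognisable trace in the Windows Security log: a burst of failed logons from one source, sometimes followed by a success. The following detection sketch is an added example, not part of the FBI report; the record layout, the sample events, and the threshold and window values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, event ID, logon type, source IP,
# account), shaped like fields exported from the Windows Security log.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); with Network Level Authentication enabled,
# failed RDP logons are usually recorded as type 3.
SAMPLE_EVENTS = [
    ("2024-01-15T02:14:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:14:03", 4625, 3, "203.0.113.7", "admin"),
    ("2024-01-15T02:14:06", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:14:09", 4625, 3, "203.0.113.7", "backup"),
    ("2024-01-15T02:14:12", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-01-15T02:14:40", 4624, 10, "203.0.113.7", "administrator"),
    ("2024-01-15T08:30:00", 4625, 10, "198.51.100.20", "jsmith"),
    ("2024-01-15T08:30:25", 4624, 10, "198.51.100.20", "jsmith"),
]

RDP_LOGON_TYPES = {3, 10}


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logons inside a sliding window and
    note whether a successful RDP logon from the same source followed."""
    failures = defaultdict(deque)  # source IP -> (time, account) of recent failures
    alerts = {}
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[src]
            recent.append((when, user))
            while when - recent[0][0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold:
                alert = alerts.setdefault(src, {"accounts": set(), "success_after": None})
                alert["accounts"].update(u for _, u in recent)
        elif event_id == 4624 and logon_type == 10 and src in alerts:
            # A success right after a burst of failures suggests a guessed password.
            alerts[src]["success_after"] = user
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, sorted(alert["accounts"]), alert["success_after"])
```

A single mistyped password, like the second source in the sample, stays below the threshold and is not flagged.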

The FBI now advises all system administrators to disable their RDP connections when not in use. The connection should only be open if a system is fully up to date and has all possible patches. These and more tips can be found on the FBI's website.

