‘Remote Desktop Protocol attacks up by 30 percent in March’


According to SANS Institute, there was a 30 percent increase in attacks on Remote Desktop Protocol servers in March. The increase corresponds to the increase in exposed RDP servers measured by Internet of Things (IoT) search engine Shodan.

The findings point to a risk for companies that have had to adopt RDP suddenly because of the coronavirus situation. To let employees keep working as effectively as possible from home, organisations have deployed RDP in ways that can expose confidential systems to the public Internet.

“The average number of IP addresses attacked per month is 2,600, but in March it was about 3,540 per day. RDP is not a protocol powerful enough to be exposed to the Internet. We now see that attackers are trading weak login credentials they found for these RDP servers. A corrupted RDP server can result in complete damage to the exposed system and is likely to be used to attack and exploit other systems within the network,” said Johannes Ullrich of SANS Institute.

Remote Desktop Protocol is a protocol developed by Microsoft that provides a graphical interface for connecting to other computers over a network connection. It is an inexpensive and simple way for companies to enable productive working from home. The connecting user runs RDP client software, while the target computer runs RDP server software.

Working safely from home

Ullrich advises companies that have implemented RDP to secure RDP servers with unique, long and random passwords and if possible only allow employees access via a VPN. “Microsoft also offers RDP Gateway, which can be used to establish strong authentication policies. Companies may attempt to restrict access to RDP from specific IP addresses when a VPN cannot be implemented at any given time. However, this can be difficult when IT administrators are working from home with dynamic IP addresses,” says Ullrich.

Another option, according to him, is to use a cloud server as a starting point. “Put the cloud server on the whitelist and use secure protocols such as SSH to connect to the cloud server. This technique can work as a quick solution when companies don’t want to risk downtime when everyone is working remotely.”
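The two mitigations Ullrich describes above (restricting RDP to a VPN address range, or whitelisting a single jump host and reaching it over SSH) both come down to the same firewall change on the RDP server: the built-in Remote Desktop inbound rules are narrowed from "any remote address" to an explicit list. The following PowerShell script is an added example written for this article, not code from SANS or Microsoft. The VPN subnet `10.8.0.0/24` and the jump-host address `203.0.113.10` are placeholders (the latter from the TEST-NET-3 documentation range) and must be replaced with the real values; it uses only the standard NetSecurity cmdlets that ship with Windows Server and Windows 10.

```powershell
# Restrict inbound RDP (TCP/UDP 3389) to an allow-list, per the advice in the
# article. Run in an elevated PowerShell session on the RDP server.
# PLACEHOLDERS: replace with your VPN client subnet and your jump host's address.
$AllowedSources = @(
    '10.8.0.0/24',    # VPN client address pool (placeholder)
    '203.0.113.10'    # cloud jump host reached over SSH (placeholder)
)

# The Windows Firewall ships with a "Remote Desktop" rule group. Instead of
# writing new rules, scope the existing ones so they only match the allow-list.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound
if (-not $rdpRules) {
    throw 'No inbound rules found in the "Remote Desktop" group; is RDP enabled?'
}

foreach ($rule in $rdpRules) {
    # -RemoteAddress replaces the scope ("Any" by default) with the allow-list
    # on every firewall profile the rule applies to.
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources -Enabled True
}

# Belt and braces: an explicit block rule for 3389 from everything else, so a
# later "Allow RDP" rule added with a default scope does not silently reopen it.
$blockName = 'Block RDP from non-allow-listed sources'
if (-not (Get-NetFirewallRule -DisplayName $blockName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $blockName -Direction Inbound `
        -Protocol TCP -LocalPort 3389 -Action Block -Profile Any | Out-Null
}

# Verification: print the effective remote-address scope of each RDP rule so an
# administrator working remotely can confirm the change before logging off.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    ForEach-Object {
        $scope = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            RemoteAddress = ($scope.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
```

Because Windows Firewall evaluates block rules before allow rules, the explicit block on port 3389 wins over any broad allow rule; the narrowed "Remote Desktop" group rules are still matched first for traffic from the allow-listed sources only because the block rule is the more specific denial of everything else. An administrator should run this from a session that will survive the change (the VPN or the jump host), since a connection from a dynamic home address, the problem Ullrich points out, is cut off the moment the rules are applied.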