As millions of people have been working from home due to pandemic-driven lockdowns, cybercriminals took this opportunity to launch a wave of attacks targeting RDP. Researchers outline a trend for RDP attacks when almost all of us were connected via home networks.
What researchers found
ESET telemetry reported steady growth in RDP attacks throughout 2020, with the fastest changes observed in the months of February and March when the U.S. and Western Europe were under lockdown.
- The number of firms facing RDP attacks per day remained constant throughout the year, although there was some variation in the number of attacks attempted at Q4 2020. However, an overall growth of 768% was observed between Q1 and Q4 2020.
- Most of the attacks observed by researchers against RDP are brute-force attacks.
- Several attackers exploited vulnerabilities to target RDP, while Microsoft regularly kept patching several RDP-related flaws in 2020.
While RDP attacks weren't the only threat observed in 2020, these attacks had comparatively larger growth than other attacks.
Kaspersky’s take on RDP
- Kaspersky researchers spotted a massive spike in mid-2020 when targeted brute-force attacks against RDP protocol increased drastically almost everywhere around the world.
- In February 2021, there were 377.5 Million brute-force attacks, which is almost four times the growth from the 93.1 Million observed at the start of 2020.
As a large number of people are still working from home, attacks on RDP can be expected to continue in the near future, as well. Moreover, one of the biggest challenges in such attacks is the continued use of weak passwords and the reuse of the same passwords for other services. Therefore, password hygiene should be maintained to stay secure.