Exposed RDP poses a danger, warns Sophos News

Exposing a server with RDP to the internet can draw a massive influx of login attempts in a short period of time. A recent experiment, conducted by a team for scientific purposes, showed the danger of leaving a server exposed with RDP for just 15 days. The server was left unattended, and login attempts started pouring in within minutes of exposure. This shows how quickly attackers find servers with RDP exposed to the internet and try to gain unauthorized access to them.

Upon analyzing the data gathered during this experiment, it was found that certain usernames were more commonly used in these brute force login attempts. Notably, variations of the username “administrator” topped the list, with “administrator” alone accounting for a staggering 866,862 failed login attempts over the 15-day period. This trend is consistent with findings from cybersecurity incidents where exposed RDP served as the initial access point for attackers, who often targeted the administrator account due to weak password policies within organizations.

In total, 137,500 unique usernames were attempted during the 15 days, originating from 999 unique IP addresses. This volume of failed login attempts, totaling over 2 million, underscores the high risk of exposing RDP to the internet. Changing the default RDP port (3389) is a common practice, but attackers and scanners easily identify open RDP ports wherever they are, so the port number matters little for security.
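The same kind of tally (failed logons per username, unique usernames, unique source IPs) can be produced from a server's own Security log. The following is an added example, not code from the experiment described here; the CSV layout, the sample rows and the function name `summarize_failed_logons` are assumptions for illustration, with column names taken from Windows event 4625 fields.

```python
import csv
import io
from collections import Counter

# Constructed sample: a CSV export of Windows Security log events.
# Column names mirror event 4625 fields; the rows are invented for illustration.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2024-01-01T00:03:11Z,4625,3,administrator,198.51.100.7
2024-01-01T00:03:12Z,4625,3,Administrator,198.51.100.7
2024-01-01T00:03:14Z,4625,3,admin,198.51.100.7
2024-01-01T00:04:02Z,4625,10,administrator,203.0.113.20
2024-01-01T00:04:40Z,4624,10,jsmith,192.0.2.15
2024-01-01T00:05:09Z,4625,3,ADMINISTRATOR,203.0.113.20
2024-01-01T00:05:10Z,4625,2,jsmith,-
2024-01-01T00:06:30Z,4625,3,user,198.51.100.7
"""

FAILED_LOGON = "4625"
# Assumption: remote failures show up as LogonType 3 (network, e.g. RDP with
# NLA) or 10 (RemoteInteractive); local console failures (type 2) are ignored.
REMOTE_LOGON_TYPES = {"3", "10"}


def summarize_failed_logons(csv_text, per_ip_threshold=3):
    """Tally failed remote logons by username and by source IP."""
    by_user, by_ip = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != FAILED_LOGON or row["LogonType"] not in REMOTE_LOGON_TYPES:
            continue
        # Windows account names are case-insensitive, so fold case before counting.
        by_user[row["TargetUserName"].strip().lower()] += 1
        by_ip[row["IpAddress"].strip()] += 1
    return {
        "total_failed": sum(by_user.values()),
        "unique_usernames": len(by_user),
        "unique_ips": len(by_ip),
        "top_usernames": by_user.most_common(3),
        # Sources at or above the threshold are candidates for blocking or review.
        "noisy_ips": sorted(ip for ip, n in by_ip.items() if n >= per_ip_threshold),
    }


if __name__ == "__main__":
    for key, value in summarize_failed_logons(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

Folding usernames to lower case keeps variations such as "Administrator" and "ADMINISTRATOR" in one bucket, which matters when the top targeted account is being reported.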

Security through obscurity, such as changing the RDP port to a non-default value, proved ineffective at deterring brute force attacks: login attempts arrived quickly even when the port was non-standard. Administrators should therefore explore more secure methods for remote access, such as a VPN with multi-factor authentication (MFA).

In conclusion, the experiment highlighted the significant risks associated with exposing RDP to the internet, with a multitude of scanning activities seeking open RDP ports. As attackers continue to target vulnerable RDP servers, it is crucial for organizations to implement robust security measures to protect against unauthorized access and potential ransomware attacks.

Moving forward, the upcoming parts of the series will delve into specific queries that can aid in investigating and understanding the intricacies of RDP-related attacks. By exploring alternative methods for remote access and staying informed about attack vectors, administrators can better defend their systems against potential threats.

With the growing prevalence of cyber threats targeting exposed RDP servers, it is essential for organizations to prioritize security measures and adopt best practices to mitigate risks effectively. Stay tuned for the next part of the series to learn more about enhancing security and investigating RDP-related incidents.
