New research has highlighted a significant growth in the number of attacks targeting Microsoft’s Remote Desktop Protocol (RDP) during the COVID-19 pandemic.
Businesses have increasingly turned to Microsoft RDP as a way to help employees to work from home, with the system enabling remote workers to log onto their office computers and access business networks.
As a result, the number of internet-connected RDP ports jumped from three million in January this year to four and a half million by the end of March, according to a report from security firm McAfee. However this increase has also led to a spike in the number of dark web markets selling RDP credentials online.
52 percent of the stolen RDP credentials the company found, including more than 20,000 logins, were from networks in China. While the US has roughly the same number of exposed systems, only four percent of the stolen credentials McAfee found came from the US.
While RDP is critical for facilitating remote work during the pandemic, it can also expose an entire business network to risk, with many companies hastily setting up the software at the start of the pandemic.
Once malicious actors compromise an RDP port, they can easily use it to send spam using a company’s mail server. Worse, they can use remote access to spread malware throughout the internal network.
McAfee’s research points out that the majority of compromised RDP ports result not from advanced malware, but simply from brute-forcing passwords.
A surprising number of internet-exposed RDP ports don’t require a password at all, and many use common passwords like ‘123456’.
Securing remote desktop access is key to protecting business networks while employees continue to work from home. At a minimum, McAfee suggests restricting RDP connections over the open Internet and requiring complex passwords and multi-factor authentication for login.
As Steve Grobman, Chief Technology Officer at McAfee, puts it, “Remote work paradigms create new opportunities and require new defense mechanisms and practices.”