RDP (Remote Desktop Protocol), a proprietary Microsoft protocol that helps you work from home, suffers a million brute force attacks a day
It has been two months since the world went into lockdown due to the dreaded coronavirus pandemic. The lockdown has forced people to adopt a work-from-home policy. As COVID-19 infections grew exponentially, the number of people working from home skyrocketed.
In fact, big tech companies are thinking of making work from home permanent. Remote working has now become the new normal for many companies the world over.
To make remote work easier, many companies rely on remote desktop connections. Employees can use these remote connections to access their work computer’s desktop from anywhere. This is where the RDP or Remote Desktop Protocol kicks in.
Remote Desktop Protocol is a proprietary Microsoft product that enables two computers to connect without any data loss. RDP works with Microsoft Windows, Linux, Unix, macOS, iOS, Android, and other operating systems, but computers running anything other than Windows need to have a client installed.
Brute force attacks against RDP
Since it is the most popular tool to connect two computers, RDP has been the target of hackers and cybercriminals. In recent weeks, the number of brute force attacks on RDP connections has shot up. These are automated attacks whose aim is to take over corporate desktops and infiltrate networks.
The cybercriminals try to break into RDP in the hope of getting into the corporate network. Once they are inside, they can do everything a legitimate employee can, including accessing confidential data and using corporate email. They could use the corporate email to spread malware through phishing or steal important data for ransom.
The coronavirus pandemic has undoubtedly increased the brute force attacks on RDP. Before the pandemic, there used to be around 150,000 brute force attempts every day. However, at the start of March, when the stricter lockdown measures came into effect, almost a million attempted brute force attacks on RDP connections were registered every day.
Cybercriminals use the TrickBot trojan to mount the brute force attacks. The later versions of TrickBot released in March have a new module, rdpScanDll, that is used by cybercriminals to carry out brute-force attacks on RDP connections.
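On a Windows host, automated attempts like these show up as bursts of failed logons (Security event 4625) from a single source address. The following detection sketch is an added example, not taken from the article or from Panda Security; the record field names, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625        # Windows Security event: an account failed to log on
# 10 = RemoteInteractive (RDP). 3 = Network: how failed RDP logons appear when
# NLA is enabled; it also covers other network logons, so expect some noise.
RDP_LOGON_TYPES = {3, 10}

def _rec(ts, event_id, logon_type, ip, user):
    # Hypothetical record shape for this example (e.g. parsed from an export).
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user}

# Constructed sample events (documentation IP ranges, not real data).
NAMES = ["admin", "administrator", "user", "test", "backup", "scan"]
SAMPLE = [_rec(f"2020-05-01T09:00:{s:02d}", 4625, 3, "203.0.113.7", u)
          for s, u in zip(range(0, 60, 10), NAMES)] + [
    _rec("2020-05-01T09:05:00", 4625, 10, "198.51.100.20", "alice"),  # typo
    _rec("2020-05-01T09:20:00", 4625, 10, "198.51.100.20", "alice"),  # typo
    _rec("2020-05-01T09:21:00", 4624, 10, "198.51.100.20", "alice"),  # success
    _rec("2020-05-01T09:30:00", 4625, 2, "-", "bob"),  # console logon, ignored
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"peak": n, "users": [...]}} for every source IP with at
    least `threshold` failed remote logons inside any sliding `window`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    users = defaultdict(set)     # ip -> account names that were tried
    peak = defaultdict(int)      # ip -> highest count seen in a single window
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON:
            continue
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[ev["ip"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[ev["ip"]].add(ev["user"])
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
    return {ip: {"peak": n, "users": sorted(users[ip])}
            for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```

Many different account names tried from one address in a short window is the signature to look for; an employee mistyping a password a couple of times stays below the threshold.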
Source: Panda Security.