Ransomware groups have been exploiting the switch to remote work like no other threat actor. Ransomware attacks increased by more than 485% in 2020 [1]. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 seconds [2]. Multiple reports by threat hunting firms confirm that the primary attack vector these groups use to infiltrate corporate networks is poorly guarded Remote Desktop Protocol (RDP) connections.
RDP lets a user access and control a computer located elsewhere. Say computer 1 wants to establish an RDP connection with computer 2: the former must be running RDP client software and the latter RDP server software. Once the connection is established, the user who initiated it can access the device they connected to.
Though RDP has been in use for a long time, the rush to remote work last year skyrocketed the number of people who rely on it. In early 2020, in just two months, the number of RDP ports exposed to the internet grew from three million to four and a half million. Most employees access their corporate devices via RDP from their homes, and network administrators now use RDP more frequently to troubleshoot remote systems. This cascading effect has left an enormous number of RDP ports open to the internet, and attackers are taking full advantage of it.
What is worrisome is that threat actors aren’t relying on any sophisticated technique to exploit open RDP ports; they are attaining great success with plain brute-force attacks.
A brute-force attack is a trial-and-error method of compromising user credentials. Security researchers have observed attackers using several brute-force variants against RDP, such as password spraying and credential stuffing with RDP credentials purchased on the dark web.
While basic steps like closing unnecessary open RDP ports and periodically re-evaluating who has RDP access slightly reduce an organization’s chances of being compromised, they aren’t sufficient. Attackers exploit organizations that struggle to weed out their users’ poor password practices, so improving password security should be a continuing priority.
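Telling the brute-force and password-spray patterns described above apart in Windows logon-failure records, as an added example that is not part of the original page: it assumes Event ID 4625 (logon failure) records have already been reduced to (time, source IP, account, logon type) tuples, where logon type 10 (RemoteInteractive) marks an RDP session; the sample events, window and thresholds are constructed assumptions, not vendor guidance.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security Event ID 4625 records reduced to
# (time, source IP, target account, logon type); type 10 = RDP, type 3 = network.
SAMPLE_EVENTS = [
    # one source, one account, five failures in 90 seconds: classic brute force
    ("2021-03-01T02:00:01", "203.0.113.7", "administrator", 10),
    ("2021-03-01T02:00:14", "203.0.113.7", "administrator", 10),
    ("2021-03-01T02:00:27", "203.0.113.7", "administrator", 10),
    ("2021-03-01T02:00:41", "203.0.113.7", "administrator", 10),
    ("2021-03-01T02:01:30", "203.0.113.7", "administrator", 10),
    # one source, one guess each against many accounts: password spray
    ("2021-03-01T03:10:00", "198.51.100.9", "jsmith", 10),
    ("2021-03-01T03:11:00", "198.51.100.9", "mjones", 10),
    ("2021-03-01T03:12:00", "198.51.100.9", "alee", 10),
    ("2021-03-01T03:13:00", "198.51.100.9", "rpatel", 10),
    ("2021-03-01T03:14:00", "198.51.100.9", "kchen", 10),
    # a user mistyping a password twice: below threshold, no alert
    ("2021-03-01T08:30:00", "192.0.2.33", "jsmith", 10),
    ("2021-03-01T08:30:20", "192.0.2.33", "jsmith", 10),
    # network (type 3) failures are out of scope for an RDP-specific rule
    ("2021-03-01T09:00:00", "203.0.113.50", "svc-backup", 3),
    ("2021-03-01T09:00:01", "203.0.113.50", "svc-backup", 3),
]

def classify_rdp_failures(events, window=timedelta(minutes=10), threshold=5):
    """Return {source_ip: set(labels)} for sources whose RDP logon failures within
    any `window` reach `threshold`: 'brute-force' if they hit one account,
    'password-spray' if they are spread over at least `threshold` accounts."""
    per_source = defaultdict(list)
    for ts, src, account, logon_type in events:
        if logon_type == 10:  # keep only RDP (RemoteInteractive) failures
            per_source[src].append((datetime.fromisoformat(ts), account))
    verdicts = defaultdict(set)
    for src, attempts in per_source.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:  # slide window
                start += 1
            in_window = attempts[start:end + 1]
            if len(in_window) < threshold:
                continue
            per_account = Counter(account for _, account in in_window)
            if max(per_account.values()) >= threshold:
                verdicts[src].add("brute-force")
            elif len(per_account) >= threshold:
                verdicts[src].add("password-spray")
    return dict(verdicts)
```

On the constructed sample, `classify_rdp_failures(SAMPLE_EVENTS)` flags 203.0.113.7 as brute-force and 198.51.100.9 as password-spray while the mistyped logon and the network logons produce no verdict.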
- Learn how RDP brute-force attacks can be used to take over an organization’s Active Directory infrastructure.
- Review a Dharma ransomware case study that reveals key aspects of the highly profitable ransomware technique that infiltrates through RDP brute-force attacks.
- Discover how sound password security thwarts various types of password attacks.
- Learn how to deploy the five brute-force attack defensive strategies that keep organizations safe.
It’s true that today’s cybercriminals are always finding novel ways to launch attacks. Organizations can’t afford to let their guard down against simple yet proven techniques like brute-force attacks.
Footnotes
[1] 2020 Consumer Threat Landscape Report
[2] Prediction by the cybersecurity firm Cybersecurity Ventures