Remote desktop protocol attacks surge by 241%


The COVID-19 pandemic saw entire workforces shifting to remote work, practically overnight. A slew of companies started using Microsoft’s remote desktop protocol (RDP), which is used to access corporate resources remotely.

Unfortunately, the speed at which this happened exposed many improperly configured and, in turn, unsafe RDP servers, and bad actors immediately jumped on the bandwagon, viewing this as an opportunity to hack into systems.

According to data from the Atlas VPN research team, RDP attacks rocketed by 241% last year.

In 2019, RDP attacks stood at 969 million, but in the year 2020, attackers carried out a whopping 3.3 billion attacks. This data was provided by Kaspersky, one of the biggest antivirus companies globally that protects more than 400 million users and 250 000 corporate clients.

According to the research, RDP attacks have been growing steadily since the beginning of 2019, but the pandemic accelerated the growth dramatically, which led to 3.3 billion incidents from January to November 2020.

Further scrutiny of the data shows that in 2019, malefactors carried out an average of 88 180 802 attacks each month. However, the following year, the average number of RDP attacks per month surged to 302 020 526.

In addition, in 2019, hackers carried out the majority of attacks in September, at 160 234 416. Yet, in November the following year, they pulled off a staggering 409 155 016 attacks, representing a 155% increase when comparing the maximum number of attacks per month in 2019 and 2020.

Brute force

The majority of RDP attacks employ a brute-force method, in which attackers use trial-and-error, submitting many passwords or passphrases with the hope of eventually guessing a combination that will allow them to access the target computer.

Atlas VPN notes that attackers are not using random username and password combinations, as they have millions of username and password combinations that were leaked from other businesses. The company recently reported that there were 37 billion data records leaked last year, a growth of 140% year-over-year, meaning there is no shortage of credentials that hackers can try.

If the brute force attack succeeds, the attacker can move laterally within the organisation’s network until they find what they are looking for, be it financial data, contact information, user data, or any other sensitive information. 
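A defender-side view of the pattern described above, as an added example that is not part of the original article: it groups logon records by source address, separates repeated guessing against one account from attempts that cycle through a list of usernames, and marks a successful logon that follows a burst of failures. The record layout, thresholds, addresses and usernames are constructed assumptions; in practice such records would be parsed from Windows Security events 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict
from datetime import datetime, timedelta

def burst(src, start, users):
    """Build constructed failed-logon records from one source, 5 seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=5 * i), src, u, "fail") for i, u in enumerate(users)]

# Constructed sample records: (time, source address, username, outcome).
# Assumption: parsed upstream from failed/successful logon events on an RDP host.
EVENTS = (
    burst("203.0.113.7", "2020-11-03T02:14:00",
          ["j.smith", "a.jones", "m.lee", "k.patel", "r.chen", "svc-backup"])
    + [(datetime.fromisoformat("2020-11-03T02:14:40"), "203.0.113.7", "svc-backup", "success")]
    + burst("198.51.100.20", "2020-11-03T03:00:00", ["administrator"] * 6)
    # A user mistyping a password once must not be flagged.
    + [(datetime.fromisoformat("2020-11-03T09:01:00"), "192.0.2.44", "h.kim", "fail"),
       (datetime.fromisoformat("2020-11-03T09:01:20"), "192.0.2.44", "h.kim", "success")]
)

def detect(events, window=timedelta(minutes=10), threshold=5):
    """Flag sources with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(list)  # source -> failures still inside the window
    findings = {}
    for t, src, user, outcome in sorted(events):
        recent[src] = [(ft, fu) for ft, fu in recent[src] if t - ft <= window]
        if outcome == "fail":
            recent[src].append((t, user))
            if len(recent[src]) >= threshold:
                f = findings.setdefault(src, {"failures": 0, "users": set(), "compromised": None})
                f["failures"] = max(f["failures"], len(recent[src]))
                f["users"] |= {fu for _, fu in recent[src]}
        elif src in findings and len(recent[src]) >= threshold:
            # Success right after a burst of failures: treat the account as taken over.
            findings[src]["compromised"] = user
    for f in findings.values():
        # Many usernames from one source suggests a leaked credential list.
        f["pattern"] = "credential_list" if len(f["users"]) > 1 else "single_account"
    return findings

if __name__ == "__main__":
    for src, f in detect(EVENTS).items():
        print(src, f["pattern"], f["failures"], "compromised:", f["compromised"])
```

A finding with `compromised` set is the point from which the lateral movement described above would begin, so it warrants a password reset and session review for that account before the remaining findings are triaged.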
