Security specialist ESET’s latest Threat Report warns of a massive increase in attacks on Remote Desktop Protocol (RDP) endpoints and new activity from the Nobelium gang against European government organizations. ESET’s figures show attacks on RDP servers having gone up 103.9 percent since its T1 report in June, representing a total of 55 billion detected brute-force attacks, thanks in no small part to a campaign focused on Spanish targets. “It seemed in T1 2021 that the growth of RDP attack attempts would be slowing down,” ESET security awareness specialist Ondrej Kubovič told The Register. “T2 2021 brought a bit of a surprise as the detections of RDP accelerated again. The trend suggests further growth in attack attempts and probably quite a steep one in T3, as this is typically the busiest part of the year.”
RDP brute-forcing is one of the main ways that attackers get a foothold on networks, aside from the most common method of using phishing emails to distribute malware.. If at all possible, do not expose RDP services to the Internet, use strong passwords, and set up Multi-Factor Authentication (MFA). There is a history of ransomware gangs using RDP brute-forcing as an initial step in attacking organizations.