With much of the world still working from home due to Covid-19, it’s no surprise to see an increase in the use of technologies like Remote Desktop Protocol (RDP) being deployed or used more heavily than before in the workplace. Malicious actors have definitely taken note of this, as ESET has reported an increase in RDP brute force login attempts since February. RDP exposed to the Internet with weak passwords has continued to be a popular method of intrusion for ransomware operators and others hoping to install their malware.
RDP Brute Force Attempts Are Increasing
Binary Defense highly recommends evaluating whether any Internet-exposed RDP servers are necessary. VPN access is a great way to allow employees continued access to RDP without exposing servers to the public Internet and possible brute force or exploit attempts. If it is absolutely necessary to expose RDP directly, minimize risk by implementing the Microsoft RDP Gateway solution, limiting the number of users that can connect to the server at once, using strong passwords and multi-factor authentication.
Microsoft RDP security best practices: https://www.microsoft.com/security/blog/2020/04/16/security-guidance-remote-desktop-adoption/