Remote Desktop Protocol (RDP) exposes PCs in just 84 seconds: Sophos’ study

Sophos has published new research, ‘RDP Exposed: The Threat That’s Already at your Door’. The RDP (Remote Desktop Protocol) research highlights how attackers are able to find RDP-enabled devices almost as soon as these devices appear on the internet. Sophos deployed 10 geographically dispersed, low-interaction honeypots to measure and quantify RDP-based risks. The honeypots were set up in California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period. On average, the RDP honeypots were hit by 1 attempted attack every six seconds.

RDP continues to be a source of sleepless nights for sysadmins. Sophos has been reporting on cybercriminals exploiting RDP since 2011, and in the past year, cybercriminal gangs behind two of the biggest targeted ransomware attacks, Matrix and SamSam, have almost completely abandoned all other methods of network ingress in favour of using RDP. In the study, 4.3 million login attempts were made at a rate that steadily increased through the 30-day research period. The first honeypot to be discovered was found in just one minute and twenty-four seconds (Paris) and the last one in 15 hours (Singapore).

“Most recently, a remote code execution flaw in RDP – nicknamed BlueKeep (CVE-2019-0708) – has been hitting the headlines. This is a vulnerability so serious it could be used to trigger a ransomware outbreak that could potentially spread around the world in hours. However, securing against RDP threats goes far beyond patching systems against BlueKeep, which is just the tip of the iceberg. In addition to taking care of BlueKeep, IT managers need to pay broader attention to RDP overall because, as our Sophos research shows, cybercriminals are busy probing all potentially vulnerable computers exposed by RDP 24/7 with password guessing attacks.”

Matt Boddy, Security Specialist, Sophos.
