Tips on Brute-force RDP Attacks and Remote Desktop Security


The number of brute-force attacks on Remote Desktop Protocol has skyrocketed in 2020.

A sharp increase in the number of people telecommuting during the COVID pandemic has attracted cybercriminals looking to take advantage of the surge of new work-from-home employees. At the start of 2020 we saw around 100,000 to 150,000 brute-force RDP attacks per day. By the beginning of March this was already up to almost a million.
Security experts warn that the risks of poorly secured RDP access are real and leave you vulnerable to threats such as ransomware and viruses, or even a more targeted attack.

Reports from Coveware, Emsisoft, and Recorded Future name RDP as the most common source of ransomware incidents in 2020. RDP was also at the top of the list before the 2020 COVID/work-from-home situation, but the issue is now being compounded by the influx of companies opening up RDP.

So, what can you do to protect your servers?

The best first step is to lock down port 3389, the default RDP port. Blocking 3389 at the firewall, or changing your RDP port, will help with a good portion of attacks.
We also recommend keeping Windows up to date to close any known exploits.

The next step is to set up a firewall and VPN in front of your servers. This will allow you to restrict access to your RDP servers to only those employees with access to the VPN.
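
One way to check and tighten this on a Windows server, as an added example that is not part of the original post: the PowerShell below reports the configured RDP port and restricts the built-in inbound Remote Desktop firewall rules to a VPN subnet. The subnet `10.8.0.0/24` is a constructed placeholder, the 'Remote Desktop' rule group name assumes an English-language Windows install, and the script needs an elevated prompt.

```powershell
# Assumption: VPN clients receive addresses from this subnet (constructed placeholder value).
$VpnSubnet = '10.8.0.0/24'

# 1. Report the port RDP is configured to listen on (3389 unless it was changed).
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Output "RDP is configured on TCP port $rdpPort"

# 2. Collect the enabled inbound rules from the built-in Remote Desktop group.
#    These rules cover the default port; a changed RDP port needs its own scoped rule.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

foreach ($rule in $rules) {
    # Remote addresses this rule currently accepts connections from.
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output ("{0}: RemoteAddress = {1}" -f $rule.DisplayName, ($scope -join ', '))

    # 3. 'Any' means the rule accepts connections from every address; narrow it to the VPN subnet.
    if ($scope -contains 'Any') {
        $rule | Set-NetFirewallRule -RemoteAddress $VpnSubnet
        Write-Output "  -> restricted to $VpnSubnet"
    }
}
```

Rules that already have a narrower scope are only reported, not modified, so the script can be re-run as an audit.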

Lastly, we recommend a Disaster Recovery service, such as our Disaster Recovery clouds. Using a Disaster Recovery cloud allows you to revert your data to a point as recent as one hour before you were infected with ransomware or a virus, experienced data corruption, or suffered any other data-loss event.

If you do not have a Disaster Recovery plan in place for your servers, now is the time to fix that. As always, our expert staff is available for free consultations if you have any questions about how you can better protect yourselves. Please reach out to sales@togglebox.com with any questions!