Surge in Brute Force RDP Attacks Globally During COVID-19 Pandemic

by | May 5, 2020

Due to the COVID-19 Pandemic, many groups have have to quickly set up remote working capabilities for their staff.

As a result of this there has been increased potential for cybercriminals to initiate campaigns. Remote workers have been attacked on an even greater scale during the COVID-19 lock down, with a special focus being made on application-level protocols used by remote workers to connect to corporate systems.

Remote Desktop Protocol (RDP) is a proprietary communications protocol created by Microsoft to allow employees, IT workers, and others to remotely connect to corporate systems, services, and virtual desktops. The protocol has been implemented by many groups to allow their employees to work from home on personal computing devices.

New data from Kaspersky indicates a major global rise in brute force attacks on RDP as this has proven particularly popular with hackers due to the increase in remote workers accessing systems via RDP.

For employees to connect using RDP they would need to enter a username and password. Brute force attacks on RDP are conducted to guess those passwords, which includes trying different password combinations until the right one is calculated. That can take a long time for complex passwords, but the attacks begin with dictionary words and passwords obtained in earlier data breaches. Annual worst passwords lists show a great deal of people still opt for easy to remember passwords, which can be correctly guessed in these automated RDP attacks in a matter of seconds.

Once these details have been correctly guessed, they can be used to remotely log on to whatever systems an employee is authorized to use. Even if a fairly low-level set of credentials is compromised, it can give cybercriminals the foothold in the network to conduct extensive attacks on the group. These unauthorized logins using stolen credentials can be tricky for IT security teams to identify.

Once access is obtained, hackers can take control of email accounts and send phishing emails internally to other staff members. As has been made clear in the many phishing incidents reported by healthcare suppliers in recent months, a single email account compromise could result in a data breach involving hundreds, thousands, or even hundreds of thousands of patents’ protected health data. Ransomware and other malware can also be downloaded.

The extent of the attacks is worrying. Kaspersky security researcher, Dmitry Galov said: “During the last year, there were some spikes of such attacks in different regions, but they were mainly local and small. Right now, we can see that almost worldwide, the amount of attacks increased significantly. For instance, in February we witnessed 93,102,836 attacks globally. In April, the figure was already 326,896,999.”

The amount of RDP brute force attacks in the United States more than doubled between January 2 and March 3, and almost tripled by April 7, when there were 1.4 million RDP brute force attacks discovered.

Increase in Brute Force RDP Attacks. Source: Kaspersky

The brute force RDP attacks are likely to go on being witnessed at high levels for the foreseeable future, and certainly until the amount of remote employees reduces once the COVID-19 crisis is ended.

There are many steps that firms can take to address these attacks. One of the most important steps to take is to create password policies that force users to set strong passwords that are difficult to guess. Two-factor authentication is also crucial. If a password is guessed, a second factor must be given before a connection is permitted. Staff members should also use a corporate VPN to connect remotely along with Network Level Authentication (NLA) measures to prevent unauthorized access attempts. Kaspersky also reminds us that if RDP is not being used by remote employees, port 3389 should be turned off.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy