McAfee finds hackers targeting Remote Desktop Protocol during Covid-19
Remote working is providing a huge opportunity for hackers
New research has highlighted a significant growth in the number of attacks targeting Microsoft’s Remote Desktop Protocol (RDP) during the Covid-19 pandemic.
Businesses have increasingly turned to Microsoft RDP as a way to help employees to work from home, with the system enabling remote workers to log onto their office computers and access business networks.
As a result, the number of internet-connected RDP ports jumped from three million in January this year to four and a half million by the end of March, according to a report from security firm McAfee. However this increase has also led to a spike in the number of dark web markets selling RDP credentials online.
- Read our full Microsoft Remote Desktop review here
- Everything you need to know about how to work from home
- Microsoft issues advice on remote desktop security
52 percent of the stolen RDP credentials the company found, including more than 20,000 logins, were from networks in China. While the US has roughly the same number of exposed systems, only four percent of the stolen credentials McAfee found came from the US.
Brute-forced passwords
While RDP is critical for facilitating remote work during the pandemic, it can also expose an entire business network to risk, with many companies hastily setting up the software at the start of the pandemic.
Once malicious actors compromise an RDP port, they can easily use it to send spam using a company’s mail server. Worse, they can use remote access to spread malware throughout the internal network.
McAfee’s research points out that the majority of compromised RDP ports result not from advanced malware, but simply from brute-forcing passwords.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A surprising number of internet-exposed RDP ports don’t require a password at all, and many use common passwords like ‘123456’.
Securing remote desktop access is key to protecting business networks while employees continue to work from home. At a minimum, McAfee suggests restricting RDP connections over the open Internet and requiring complex passwords and multi-factor authentication for login.
As Steve Grobman, Chief Technology Officer at McAfee, puts it, "Remote work paradigms create new opportunities and require new defense mechanisms and practices."
- Check out our guide to the best remote desktop software
Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. His interests span a wide range from business technology to finance to creative media, with a focus on new technology and emerging trends. Michael's work has been published in TechRadar, Tom's Guide, Business Insider, Fast Company, Salon, and Harvard Business Review.