Tomcat
Due to the hasty mass transition of companies to remote work, the number of corporate servers reachable by cybercriminals from the Internet is growing rapidly, say experts from the Solar JSOC Cyber Threat Monitoring and Response Center. One of the main reasons is companies' use of the unsecured Remote Desktop Protocol (RDP). According to Solar JSOC, in just one week the number of devices accessible from the Internet via RDP has grown by 15% in Russia (the total today is more than 76 thousand devices) and by 20% worldwide (more than 3 million devices).
RDP, a protocol developed by Microsoft for remote control of Windows operating systems, is by far the most popular way to connect to a work environment. However, RDP uses port 3389 by default, and if the company's IT department does not pay enough attention to the security of remote access, the corporate server becomes extremely vulnerable to attackers. For example, it is not uncommon for a remote server to be accessible and visible from the Internet, so that anyone can try to connect to it. In this case, an attacker can deceive the identification and authentication system, select
To understand how relevant these threats are, experts from the Solar JSOC Cyber Threat Monitoring and Response Center used various tools to analyze and monitor the number of devices accessible from the Internet via RDP. In just one week, from March 17 to March 24, when companies began switching to remote work en masse, the number of such devices grew by 15% in Russia and by 20% worldwide.
According to experts from Solar JSOC, new RDP-related vulnerabilities are fixed every month in the Windows security updates. For this reason, using regular unsecured remote desktop access is highly undesirable. It is recommended to use at least a VPN with two-factor authentication and to implement remote access based on secure protocols.

“The statistics obtained are frightening, because not so long ago, several major vulnerabilities related to the Remote Desktop Service - BlueKeep and DejaBlue - have died down. Both of them allow access to a remote server without authentication - for this, an attacker only needs to send a special request via RDP. Thus, in the absence of the latest Windows security updates, any system accessible from the Internet is vulnerable,” says Igor Zalevsky, head of the JSOC CERT investigation center at Rostelecom-Solar.
