How to prevent brute-force attacks on Remote Desktop Protocol (RDP)


The number of people working from home has risen astronomically this year due to COVID-19. Consequently, numerous companies have been reliant on remote desktop connections to enable their employees to access their work computers from home.

One of the most popular applications for accessing Windows workstations and servers is Microsoft’s remote desktop protocol (RDP), which cybercriminals have viewed as the perfect opportunity to exploit.

To gain access to valuable corporate resources such as confidential emails and data, cybercriminals can deploy brute-force attacks, attempting to find a valid RDP username and password pair by systematically checking all possible combinations until the right one is discovered.

Interested in the prevalence of RDP brute-force attacks, Reboot Online analyzed the latest data from anti-virus specialists Kaspersky to discover which Asian countries are most at risk.

Reboot Online found that Georgia is the biggest victim of RDP brute-force attacks in Asia, with most network attacks attributed to RDP brute-force attacks (60.76%).

Armenia is in second position, with 50.11% of network attacks in the country being RDP brute-force attacks, leaving Microsoft users at high risk. Slightly below Armenia is South Korea, where 48.83% of network attacks are RDP brute-force attacks, making it the third most likely country in Asia to experience them.

The rate of RDP brute-force attacks in India is 18.02%, meaning the country ranks 18th.

When it comes to the other major economic powerhouses of Asia, this is how they fare with the risk of RDP brute-force attacks: Japan (38.66%), Pakistan (18.58%), Russia (14.10%), Israel (13.47%), Turkey (9.47%), China (3.87%) and Saudi Arabia (2.67%).

At the other end of the scale, Myanmar (0.95%), Yemen (1.51%), and Laos (1.58%) are among the Asian countries where RDP brute-force attacks are significantly less common, placing them at the bottom of the list.

Reboot Online also provided top tips to help companies prevent RDP brute-force attacks.

1. Have strong usernames and passwords 

A basic and easy form of defense against RDP brute-force attacks is having a strong password. A long password combining upper- and lower-case letters, numbers, and special characters is recommended.

Additionally, avoid basic account names such as ‘administrator’ as usernames, and instead use something more cryptic.

2. Set remote access restrictions 

Instead of granting RDP access to everyone in the company, think about the employees or departments who genuinely need it to work. By restricting RDP access to selected personnel, you take a productive step towards reducing the attack risk.

3. Account lockout policy 

RDP brute-force attacks could require cybercriminals hundreds, thousands, or even millions of login attempts before finding the correct credentials, so slow potential attacks down by setting up an account lockout policy on Microsoft Windows. This feature locks an account after a specified number of failed login attempts within a specified time frame.

4. Assess IT estate 

Carefully assess all the computers in your company and identify any outdated units that can be accessed from the internet using RDP. Once these computers have been identified, replace them as soon as possible. Outdated computers are unlikely to support new security updates and patches, making them more susceptible to cyber-attacks.

5. Other recommendations

Companies need to assess whether RDP (port 3389) needs to be open on their systems. If it does, they should:

  • Place any system with an open RDP port behind a firewall and require users to VPN in through the firewall.
  • Enable strong passwords, multi-factor authentication, and account lockout policies to defend against brute-force attacks.
  • Whitelist connections to specific trusted hosts.
  • Restrict RDP logins to authorized non-administrator accounts, where possible.
  • Adhere to the Principle of Least Privilege, ensuring that users have the minimum level of access required to accomplish their duties.
  • Log and review RDP login attempts for anomalous activity and retain these logs for a minimum of 90 days.
  • Ensure that only authorized users are accessing this service.
  • If RDP is not required, perform regular checks to ensure RDP ports are secured.
  • Verify that cloud environments adhere to best practices, as defined by the cloud service provider. After the cloud environment setup is complete, ensure that RDP ports are not enabled unless required for a business purpose.
  • Enable automatic Microsoft Updates to ensure that the latest versions of both the client and server software are running.
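The recommendation to log and review RDP login attempts for anomalous activity can be turned into a simple detector. The following is an added example, not code from the article or from Reboot Online: it reads a constructed list of Windows Security events shaped like Event ID 4625 (failed logon) and flags source addresses that rack up many failed Logon Type 10 (RemoteInteractive, i.e. RDP) attempts inside a sliding window; the threshold, window size, event field names and sample data are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10           # Logon Type 10 = RemoteInteractive (an RDP session)
FAILED_LOGON_EVENT_ID = 4625  # Security log: "An account failed to log on"

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window.

    Returns {source_ip: {"peak_attempts": n, "users": [...]}}. Events may be unsorted.
    Threshold and window are assumed values; tune them to the site's lockout policy.
    """
    recent = defaultdict(deque)   # source_ip -> timestamps of failures still in the window
    users = defaultdict(set)      # source_ip -> account names that were tried
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only failed logons of type 10 belong to the RDP attack surface; skip the rest.
        if ev["event_id"] != FAILED_LOGON_EVENT_ID or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip = ev["source_ip"]
        q = recent[ip]
        q.append(ev["time"])
        users[ip].add(ev["user"])
        while ev["time"] - q[0] > window:   # evict failures older than the window
            q.popleft()
        if len(q) >= threshold:
            hit = flagged.setdefault(ip, {"peak_attempts": 0, "users": []})
            hit["peak_attempts"] = max(hit["peak_attempts"], len(q))
            hit["users"] = sorted(users[ip])
    return flagged

def _ev(minute, ip, user, logon_type=RDP_LOGON_TYPE, event_id=FAILED_LOGON_EVENT_ID):
    # Constructed event record; timestamps are minutes after an arbitrary base time.
    return {"time": datetime(2020, 11, 2, 9, 0) + timedelta(minutes=minute),
            "event_id": event_id, "logon_type": logon_type,
            "source_ip": ip, "user": user}

# Constructed sample: one host cycling through common account names, one user
# mistyping a password twice, and a non-RDP (network, type 3) failure to be ignored.
SAMPLE_EVENTS = [
    _ev(0, "203.0.113.45", "administrator"), _ev(0.5, "203.0.113.45", "admin"),
    _ev(1, "203.0.113.45", "guest"), _ev(1.5, "203.0.113.45", "administrator"),
    _ev(2, "203.0.113.45", "admin"), _ev(2.5, "203.0.113.45", "administrator"),
    _ev(3, "10.0.0.7", "j.smith"), _ev(4, "10.0.0.7", "j.smith"),
    _ev(5, "198.51.100.9", "svc_backup", logon_type=3),
]

def sample_detection():
    return detect_rdp_bruteforce(SAMPLE_EVENTS)

if __name__ == "__main__":
    for ip, hit in sample_detection().items():
        print(f"{ip}: {hit['peak_attempts']} failed RDP logons, accounts tried: {hit['users']}")
```

Only the address trying several account names in quick succession is reported; the two genuine typos stay below the threshold and the network-logon failure never counts against the RDP surface.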