Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Millions of Remote Desktop Protocol Endpoints Exposed on the Internet
August 16, 2017
A lot of people use RDP (Remote Desktop Protocol) to remotely access their computers. Security researchers from Rapid7 conducted an Internet-wide scan and discovered over 11 million devices with port 3389/TCP left open online. Of the 11 million, over 4.1 million specifically supported the RDP protocol. In early 2016, 9 million devices had port 3389 open, and in late 2016 the number increased to 9.4 million. RDP isn't a bad thing, but it should be implemented securely.
A Webroot report from March 2017 pins RDP as the favorite method for delivering ransomware. The good news is that over 83% of the RDP endpoints were ready to initiate connections and authenticate using CredSSP, a security protocol. Over 15% didn't support SSL/TLS or only supported the standard RDP security, which is susceptible to man-in-the-middle (MITM) attacks. According to Bleeping Computer, "Most RDP endpoints are compromised because admins forget to enable authentication, use easy-to-guess credentials, or don't use a firewall to control access to the RDP machine. Just by the fact that Rapid7 discovered these 4.1 million devices with open RDP ports means they were not sitting behind a firewall. In the case of a new RDP exploit or zero-day, these devices would automatically become cannon fodder for the next major malware outbreak."
The implementation of RDP is the problem. If you use RDP for remote management into your network, make sure you configure the connection for secure authentication and consider using a two-factor authentication method like Duo Security.
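To check which of the categories above one of your own endpoints falls into (CredSSP, TLS only, or standard RDP security), you can classify the server's reply to the RDP connection request. The following is an added example, not code from the original post or from Rapid7; the field layout and codes follow the public MS-RDPBCGR specification, and the function name and sample bytes are constructed for illustration.

```python
import struct

# Protocol and failure codes from the public MS-RDPBCGR specification.
PROTOCOLS = {0x0: "standard RDP security", 0x1: "TLS", 0x2: "CredSSP (NLA)",
             0x4: "RDSTLS", 0x8: "CredSSP with early user authorization"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}
NO_TLS_FAILURES = {2, 3}  # server refused because it cannot or will not do TLS

def classify_rdp_response(data: bytes) -> dict:
    """Classify one X.224 Connection Confirm PDU returned by an RDP endpoint."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("bad TPKT header")
    if (data[5] & 0xF0) != 0xD0 or data[4] != len(data) - 5:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]
    if not neg:
        # Legacy endpoint: no negotiation block, so standard RDP security only.
        return {"kind": "none", "detail": PROTOCOLS[0x0], "weak": True}
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    ntype, _flags, nlen, value = struct.unpack("<BBHI", neg)
    if nlen != 8:
        raise ValueError("bad negotiation length field")
    if ntype == 0x02:  # RDP_NEG_RSP: server picked one of the offered protocols
        return {"kind": "selected", "detail": PROTOCOLS.get(value, hex(value)),
                "weak": value == 0x0}
    if ntype == 0x03:  # RDP_NEG_FAILURE: server rejected everything offered
        return {"kind": "failure", "detail": FAILURES.get(value, hex(value)),
                "weak": value in NO_TLS_FAILURES}
    raise ValueError("unknown negotiation type")

# Constructed sample responses (not captured from any real host).
X224_CC = "d00000123400"
SAMPLES = {
    "nla": bytes.fromhex("030000130e" + X224_CC + "0200080002000000"),
    "rdp-only": bytes.fromhex("030000130e" + X224_CC + "0200080000000000"),
    "legacy": bytes.fromhex("0300000b06" + X224_CC),
    "nla-enforced": bytes.fromhex("030000130e" + X224_CC + "0300080005000000"),
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, classify_rdp_response(pdu))
```

An endpoint reported as `weak` is one that settled on standard RDP security or could not offer TLS, which is the group the article describes as susceptible to MITM attacks.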
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com