The second part of the revised paper provides updated guidance on defending against attacks on RDP. But it is also possible to defend against these attacks. Absolute numbers are roundedĬlearly, attackers are finding value in connecting to organizations’ computers, whether for conducting espionage, planting ransomware, or some other criminal act. Malicious RDP connection attempts detected worldwide (source: ESET telemetry). By the fourth quarter of 2021, that had jumped to 166.37 billion connection attempts, an increase of over 8,400%!įigure 2. Just how large was the jump? In the first quarter of 2020, we saw 1.97 billion connection attempts. During that period, ESET telemetry shows a massive increase in malicious RDP connection attempts.
Looking at two years’ worth of data from the beginning of 2020 to the end of 2021 would seem to agree with this assessment. As a matter of fact, attacks against its vulnerabilities have increased massively, which brings up another possibility for the decrease in BlueKeep detections: Other RDP exploits might be so much more effective that attackers have switched over to them.
ESET ENDPOINT SECURITY USERNAME WINDOWS
Unlike AutoPlay, RDP remains a regularly used feature of Windows and just because there is a decrease in the use of a single exploit against it that does not mean that attacks against it as a whole are on the decrease. Today, they account for under a tenth of a percent of detections. At one point, AUTORUN.INF-based worms accounted for nearly a quarter of threats encountered by ESET’s software. A feature since Windows 95 was released in 1995, AutoRun was heavily abused to propagate worms like Conficker. Microsoft then backported this change to all previous versions of Windows, although not perfectly the first time.
ESET ENDPOINT SECURITY USERNAME WINDOWS 7
Windows 7 came with support for AutoRun (AUTORUN.INF) disabled. The last time I remember seeing such a widespread change was when Microsoft released Windows 7 in 2009. RDP remains widely used, and this means that attackers are going to continue conducting research into vulnerabilities that they can exploit.įor a class of exploits to disappear, whatever is vulnerable to them has to stop being used. In this instance, seeing attempts to exploit a vulnerability like BlueKeep decrease over time seems like good news. Some of that criticism is valid, but security is always an ongoing process: new threats are always emerging. One of the oft-heard complaints about computer security companies is that they spend too much time talking about how security is always getting worse and not improving, and that any good news is infrequent and transitory. CVE-2019-0708 “BlueKeep” detections worldwide (source: ESET telemetry) So, we have done just that: a new version of our 2020 paper, now titled Remote Desktop Protocol: Configuring remote access for a secure workforce, has been published to share that information.įigure 1.
According to our threat report for the first four months of 2022, over 100 billion such attacks were attempted, over half of which were traced back to Russian IP address blocks.Ĭlearly, there was a need to take another look at the RDP exploits that were developed, and the attacks they made possible, over the past couple of years to report what ESET was seeing through its threat intelligence and telemetry. That paper can be found here on ESET’s corporate blog, in case you are curious.Ībout the same time this change was occurring, ESET re-introduced our global threat reports, and one of the things we noted was RDP attacks continued to grow. To help those IT departments, particularly the ones for whom a remote workforce was something new, I worked with our content department to create a paper discussing the types of attacks ESET was seeing that were specifically targeting RDP, and some basic steps to secure against them. The same, though, could not be said for many organizations around the world, who either had to set up access for their remote workforce from scratch or at least significantly scale up their Remote Desktop Protocol (RDP) servers to make remote access usable for many concurrent users. Many of ESET’s employees were already accustomed to working remotely part of the time, and it was largely a matter of scaling up existing resources to handle the influx of new remote workers, such as purchasing a few more laptops and VPN licenses. Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop ProtocolĪs the COVID-19 pandemic spread around the globe, many of us, myself included, turned to working full-time from home.
0 kommentar(er)
