Cloud Threats Memo: What You Need to Know About RDP Attacks On the Rise

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it.

A recent report from ESET has confirmed the massive growth of RDP attacks in 2020, an increase fuelled by the pandemic, and the consequential shift to remote working. In particular, the Slovakian security company has detected nearly 29 billion RDP brute-force attacks during 2020, corresponding to a whopping 768% YoY increase. An internet-facing misconfigured or vulnerable RDP server leaves organizations exposed to multiple risks, primarily ransomware, commonly deployed through RDP exploits or misconfigurations (and bear in mind that leaving exposed services is a trend that we’ve also observed in public cloud workloads).

This is just the latest warning about the sharp rise in RDP attacks since the beginning of the pandemic. As organizations adapt to the new normal, they need to make more and more services available for remote workers and these figures suggest that, at least initially, this process has occurred prioritizing productivity over security, and implicitly exposing private and public companies to new risks. Please notice that exposed RDP services are not the only threat in the pandemic era: the past year has seen an unprecedented number of critical vulnerabilities affecting VPN concentrators, another attack vector exploited by cybercriminals to deploy ransomware, and emphasized in the ESET report as well.

How Netskope mitigates the risk of misconfigured RDP servers

Netskope Private Access allows users to publish resources in a simple and secure manner to virtually any applications (including RDP servers) embracing the Zero Trust paradigm without the constraints of legacy technologies. It is possible to publish and segment resources located in a local data center, but also in a private or public cloud, without opening any inbound service that can be probed by threat actors. There is also no need for any on-prem hardware device to install, patch, and maintain, which avoids scalability issues and performance bottlenecks. Finally, a check on the security posture of the endpoint is enforced before accessing the target application. A smarter and more secure way to provide remote connectivity in the “new normal.”

Stay safe!