Remote Desktop Protocol (RDP), a Microsoft client that allows employees to access corporate resources remotely, has become a major target for cybercriminals looking to steal sensitive data or infect a network with ransomware.
This is according to a new report from Atlas VPN, based on figures released by cybersecurity experts Kaspersky.
Atlas VPN’s latest report states that the rise of remote working led cybercriminals to pay more attention to RDP and many were able to exploit improperly configured servers.
The number of attacks against RDP rose from 969 million in 2019, to more than 3.3 billion in 2020 – a 241 percent rise.
Most were brute-force attacks, meaning cybercriminals used scripts to automatte login attempts until they came across the correct login credentials.
According to Atlas VPN, criminals always start with credentials already available on the dark web, as employees often recycle old passwords or use the same combination across a wide variety of services.
Successfully entering the network allows the attacker to move laterally within the target infrastructure, mapping it out and hunting down all manner of private data. This information is either sold on the dark web or used as leverage as part of a ransomware attack.