2 min read

Spike in Remote Work Leads to 40% Increase in RDP Exposure to Hackers

Filip TRUȚĂ

March 31, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Spike in Remote Work Leads to 40% Increase in RDP Exposure to Hackers

As Covid-19 continues to wreak havoc globally, companies are keeping their employees at home. To ensure compliance and stay atop security standards, teleworkers have to patch into their company”s infrastructure using remote desktop protocol (RDP) and virtual private networks (VPN). But not everyone uses these solutions securely.

Research by the folks behind Shodan, the search engine for Internet-connected devices, reveals that IT departments globally are exposing their organizations to risk as more companies go remote due to COVID-19.

“The Remote Desktop Protocol (RDP) is a common way for Windows users to remotely manage their workstation or server. However, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA),” writes Shodan creator John Matherly.

After pulling new data regarding devices exposed via RDP and VPN, Matherly found that the number of devices exposing RDP to the Internet on standard ports jumped more than 40 percent over the past month to 3,389. In an attempt to foil hackers, IT administrators sometimes put an insecure service on a non-standard port (aka security by obscurity), Matherly notes. But this number too has climbed, by around 37 percent, over the same period. With the growing number of cyber-attacks capitalizing on COVID-19 and remote workers, cybercriminals undoubtedly know all too well where, when and how to hit.

Furthermore, the number of servers running VPN protocols on different ports has jumped by a third, from nearly 7.5 million to nearly 10 million. One such protocol is the Point-to-Point Tunneling Protocol (PPTP), an obsolete method for implementing virtual private networks that”s riddled with known security issues. The known vulnerabilities relate to the underlying PPP authentication protocols used, as well as the design of the MPPE protocol and the integration between MPPE and PPP authentication for session key establishment.

Another worrying find is the increase in exposure for industrial control systems (ICS), which typically keep critical infrastructures alive across the globe. Hackers exploiting a vulnerability in ICS applications can have dire consequences for cities and indeed entire nations.

Here at Bitdefender we focus on keeping your devices protected from malicious activity and threats of all kinds. Now more than ever, you need autonomy and safety as you reach the world via your internet-enabled devices. That”s why we have extended the trial for our best security suite, ensuring that you can take care of your family”s devices for up to 90 days. If you”re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read