2 min read

Spike in Remote Work Leads to 40% Increase in RDP Exposure to Hackers

Filip TRUȚĂ

March 31, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Spike in Remote Work Leads to 40% Increase in RDP Exposure to Hackers

As Covid-19 continues to wreak havoc globally, companies are keeping their employees at home. To ensure compliance and stay atop security standards, teleworkers have to patch into their company”s infrastructure using remote desktop protocol (RDP) and virtual private networks (VPN). But not everyone uses these solutions securely.

Research by the folks behind Shodan, the search engine for Internet-connected devices, reveals that IT departments globally are exposing their organizations to risk as more companies go remote due to COVID-19.

“The Remote Desktop Protocol (RDP) is a common way for Windows users to remotely manage their workstation or server. However, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA),” writes Shodan creator John Matherly.

After pulling new data regarding devices exposed via RDP and VPN, Matherly found that the number of devices exposing RDP to the Internet on standard ports jumped more than 40 percent over the past month to 3,389. In an attempt to foil hackers, IT administrators sometimes put an insecure service on a non-standard port (aka security by obscurity), Matherly notes. But this number too has climbed, by around 37 percent, over the same period. With the growing number of cyber-attacks capitalizing on COVID-19 and remote workers, cybercriminals undoubtedly know all too well where, when and how to hit.

Furthermore, the number of servers running VPN protocols on different ports has jumped by a third, from nearly 7.5 million to nearly 10 million. One such protocol is the Point-to-Point Tunneling Protocol (PPTP), an obsolete method for implementing virtual private networks that”s riddled with known security issues. The known vulnerabilities relate to the underlying PPP authentication protocols used, as well as the design of the MPPE protocol and the integration between MPPE and PPP authentication for session key establishment.

Another worrying find is the increase in exposure for industrial control systems (ICS), which typically keep critical infrastructures alive across the globe. Hackers exploiting a vulnerability in ICS applications can have dire consequences for cities and indeed entire nations.

Here at Bitdefender we focus on keeping your devices protected from malicious activity and threats of all kinds. Now more than ever, you need autonomy and safety as you reach the world via your internet-enabled devices. That”s why we have extended the trial for our best security suite, ensuring that you can take care of your family”s devices for up to 90 days. If you”re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read