Antivirus company Kaspersky reports that daily thousands of PCs are victims of brute force attacks on the Remote Desktop Protocol (RDP). Cybercriminals seem to have an increasing interest in taking over computers running remote desktop software, as the number of attacked systems is increasing.
The RDP protocol is a proprietary protocol developed by Microsoft which allows to remotely control a computer using a graphical interface and is used for e.g. providing support or remote system administration.
As soon as a hacker is able to obtain the username and password of a computer running RDP based software, it’s able to fully control the computer or server. This way hackers can install spam software, steal data or use the computer as a proxy for other kind of illegal actions.
Bruteforcing means that the attackers try a large amount of username and password combinations. The automated process is especially useful to get access to systems that use default usernames and password or other obvious combinations. Because the process is automated and because hacked systems can be used again to bruteforce other systems, the resources the attackers have are pretty much endless.
“Hacking RDP is rather lucrative, especially if you want to take over a server”, according to Kaspersky’s analyst Anton Ivanov. 64% of the RDP attacks was against servers, especially in Russia and the United States. As the attackers usually use wordlists which contain often used username and passwords (think admin:admin), Ivanov has a very good advice, “chose passwords wisely, and change them often.”