90% of businesses facing RDP attacks

By Dylan Bushell-Embling
Monday, 30 September, 2019

Attacks involving the Microsoft Remote Desktop Protocol (RDP) are proliferating and will likely continue to grow in the future due to the protocol’s widespread use, new research suggests.

Research from network threat detection and response company Vectra suggests that 90% of organisations could be facing some form of malicious RDP behaviours.

Between January and June this year, Vectra’s Cognito platform detected 26,800 suspicious RDP behaviours in more than 350 deployments. More than 90% of these deployments exhibited RDP attacker behaviour detections.

The most frequently targeted industries include manufacturing and finance, at 10 and eight detections per 10,000 workloads and devices. Together with the retail sector, these three industries accounted for nearly half (49.8%) of all RDP detections.

The government and healthcare sectors rounded out the top five list of the most frequently targeted industries.

But while the manufacturing industry has the highest rate of RDP detections, IT managers within these organisations are more likely to weigh the cost and time savings to centralised management enabled by RDP more heavily against the increased attack surface presented.

“Cybercriminals know that RDP is an easy-to-access administrative tool that allows them to stay hidden while carrying out an attack,” Vectra Head of Security Analytics Chris Morales said.

“It’s essential for security teams to understand how RDP is used by attackers because it will continue to be a threat in the near future.”

Image credit: ©stock.adobe.com/au/James Thew

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.