30% Increase in Attacker Interest in Remote Desktop Protocol in March 2020
SANS Institute has identified a 30 percent increase in attacker interest in Remote Desktop Protocol (RDP) servers during the month of March 2020. This increase coincides with a significant increase in exposed RDP servers, as measured by Shodan, the search engine that allows users to search the internet for connected devices.
The findings for March are concerning, as they also coincide with the massive surge in companies worldwide that needed to close offices and quickly stand up remote workforces to comply with social distancing restrictions due to the rapid spread of COVID-19. The concern is that, in order to quickly and inexpensively enable employees to work from home, some organizations have implemented RDP, which can expose confidential systems to the public internet.