• About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Privacy Policy
  • Contact us
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
No Result
View All Result

30% Rise In Attacker Interest In Remote Desktop Protocol: SANS Institute

by CXO Staff
April 16, 2020
in News

SANS findings indicate risk to companies that have quickly enabled remote working via Remote Desktop Protocol (RDP) during COVID-19 outbreak.

trojan cyber attack
Dr. Johannes Ullrich, SANS Institute
Dr. Johannes Ullrich, SANS Institute

Global player in cybersecurity training and certifications SANS Institute has identified a 30% increase in attacker interest in Remote Desktop Protocol (RDP) servers during the month of March 2020. This increase coincides with a significant increase in exposed RDP servers, as measured by Shodan, the search engine that allows users to search the internet for connected devices.

The findings for March are concerning, as they also coincide with the massive surge in companies worldwide that needed to close offices and quickly enable employees to work from home

to comply with social distancing restrictions due to the rapid spread of COVID-19. The concern is that, in order to quickly and inexpensively enable employees to work from home, some organisations have implemented RDP, which can expose confidential systems to the public internet.

Dr. Johannes Ullrich, SANS fellow and Dean of Research at the SANS Technology Institute, said, “The number of source IP addresses attackers used to scan the internet for RDP increased by about 30% during March, from an average of 2,600 attacking IP addresses to around 3,540 each day in March. RDP is not a protocol that is robust enough to be exposed to the internet. Consequently, we are now seeing attackers actively trading weak credentials which they have identified for these RDP servers. A compromised RDP server can lead to a complete compromise of the exposed system and will likely be used to attack and exploit additional systems inside the network.”

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, which provides users with a graphical interface to connect to another computer over a network connection. It is an inexpensive and simple way for companies to enable remote working for employees. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

For companies that have implemented RDP, Ullrich advises, “Use unique, long, and random passwords to secure your RDP servers, and if possible, only provide access via a VPN. Microsoft also offers RDP Gateway, which can be used to implement strong authentication policies. You may attempt to limit access to RDP from specific IP addresses if you are not able to implement a VPN right now, but this may be difficult if your administrators are currently working from home with dynamic IP addresses.

“Another option is to use a cloud server as a jump-off point,” he continued. “Whitelist the cloud server and use secure protocols like SSH to connect to the cloud server. This technique may work as a quick fix if you do not want to risk downtime while everybody is working remotely. Many organisations are currently not willing to risk a loss of access to business-critical systems. Modifying remote access and firewall rules may lead to a loss of access that, in some cases, can only be restored by on-site personnel.”

Recognising that coronavirus has caused organisations around the world to transition their workforce away from an office to work-from-home environment, and that many organisations lack the policies, resources, or training to enable their people to do so securely, SANS released the “Securely Working from Home” Deployment Kit on March 16. This free kit provides organisations with a step-by-step guide on how to rapidly deploy a training program for their remote staff. All training materials and resources necessary to secure a remote, multi-lingual workforce are included in the kit.

Tags: CybersecurityDr. Johannes Ullrichfeatured2Remote Desktop ProtocolSANS Institute
ShareTweet

Related Posts

Meriam ElOuazzani, Senior Regional Director, Middle East, Turkey, and Africa, SentinelOne
Feature

A day in the life of Meriam ElOuazzani

What does your morning routine look like? I start my day around 5:00 AM with a few minutes of meditation—it...

July 4, 2025
Tenable research finds rampant cloud misconfigurations exposing critical data and secrets
Future

Tenable research finds rampant cloud misconfigurations exposing critical data and secrets

Tenable released its 2025 Cloud Security Risk Report, which revealed that 9 percent of publicly accessible cloud storage contains sensitive...

July 4, 2025

Discussion about this post

Latest Issue

Meriam ElOuazzani, Senior Regional Director, Middle East, Turkey, and Africa, SentinelOne

A day in the life of Meriam ElOuazzani

July 4, 2025
Tenable research finds rampant cloud misconfigurations exposing critical data and secrets

Tenable research finds rampant cloud misconfigurations exposing critical data and secrets

July 4, 2025
How co-packaged optics boost speed and slash energy use

How co-packaged optics boost speed and slash energy use

July 3, 2025

The most trusted source of strategic intelligence for IT decision makers in the Middle East.

About

  • About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Contact Us

Policies

  • Privacy Policy

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f X-twitter Linkedin
Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden.

About

  • About Us
  • Site Map
  • Contact Us
  • Career

Policies

  • Help Center
  • Privacy Policy
  • Cookie Setting
  • Term Of Use

Join Our Newsletter

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f Twitter Youtube Instagram

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Join our mailing list
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
No Result
View All Result
  • News
  • Opinions
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
  • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CX50 Oman
    • CXO50
    • ICT Awards
      • Dubai
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2023
    • All events
  • Videos
  • GITEX GLOBAL
  • Digital Magazine

© 2024 - CXO Insight Middle East. All Rights Reserved.