Security News Millions of RDP Endpoints Exposed Online and Ready for Bad Things (Remote Desktop Protocol)

[LASER_oneXM]

An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol.

The number is up from previous scans when researchers found 9 million devices with open 3389 ports in early 2016, then 9.4 million in late 2016, and 7.2 million in early 2017, as part of Rapid7's bi-annual National Exposure Index scans.

This time around researchers fine-tuned their scanners to detect 3389 ports used for actual RDP connections. The improved scan revealed a smaller number of actual RDP ports. However, the number is still quite large.

RDP — a favorite among hackers

RDP, which stands for Remote Desktop Protocol, is a protocol developed by Microsoft to allow users access to a virtual screen, keyboard, and mouse that they can use over a network to control remote computers.

Because of these innate features, RDP has been one of the enterprise world's favorite remote management tools, but also a prime target for hackers for decades.

A Webroot report from March 2017 pins RDP as the favorite method for delivering ransomware, topping spam campaigns.

Since 2002, Microsoft also issued 20 security updates specifically related to RDP, patching 24 separate CVEs (vulnerabilities).

RDP's popularity in criminal ranks became clear in June 2016 when Kaspersky researchers discovered xDedic, an online service that was selling access to nearly 70,000 hacked RDP servers.