Cyber Tips

Reducing the risk of RDP brute force attacks

RDP brute force attacks are commonly used by hackers targeting remote working employees, and this new control will make brute forcing much harder.

Good news for your clients with employees working from home or remotely. Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system.

Working from home is now the norm for many of your clients’ employees and therefore remotely logging in to corporate VPNs and application suites are essential. According to researchers at cybersecurity company ESET, there was a reported 768% growth in Remote Desktop Protocol (RDP) attacks in 2020 and this percentage continues to increase. In total, ESET detected 29 billion attempted RDP attacks in 2020 as cyber criminals try to exploit remote workers.

How do I describe an RDP Attack to my clients?

An RDP allows one computer to connect to another or a network without direct contact. A Remote Desktop Protocol Attack is a type of data breach which occurs via a user’s remote desktop protocol (or RDP). Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, brute force attacks involve submitting many passwords in a row until the right one is “guessed”.

Why is Microsoft’s action good news?

Previously, there was no timeout for multiple failed attempts at logging on. In new builds, accounts automatically lock for 10 minutes after 10 invalid sign-in attempts. This feature was present in previous versions but was not enabled by default. This is a step in the right direction.

Points to emphasize with your clients:

1. The easiest method to prevent RDP attacks is to not expose the port to the internet. If external connections are required then they should be done through a virtual private network (VPN).

2. If an RDP port must be exposed to the internet, it should be protected with multi-factor authentication (MFA).

Additionally, an organization could use just-in-time tokens. These are temporarily-generated tokens that will provide access to a resource at a specific point in time. After they expire, they’re useless so if they’re compromised it’s only a risk until the token expires.

Please let our team know if you’d like to help your clients boost their digital risk management and I can connect you with our Hackbusters advisory team.

Related Posts

Cyber Tales Spear-phishing: What is it? What to do?

Spear-phishing: What is it? What to do?

In a cyber incident reported to us last week, a senior employee in the insured’s finance department discovered their email address had been compromised; when a phishing email was broadcast from their email address to their entire contact list.

Cyber Tips Cyber Response for business with Hackbusters

Cyber Response for business with Hackbusters

Jack Brooks, Head of BOXX Hackbusters™, shares some insights on how to best prevent your business from a cyber attack.


Sign up for the BOXX Insurance Newsletter

Get the latest updates about Cyber Insurance and Protection with our newsletter.