Attacks against Remote Desktop Protocol endpoints have exploded this year, warns ESET's latest Threat Report

Security specialist ESET's latest Threat Report warns of a massive increase in attacks on Remote Desktop Protocol (RDP) endpoints – and new activity from the Nobelium gang against European government organisations. ESET's figures show attacks on RDP servers having gone up 103.9 per cent since its T1 report in June - it …

  1. Pascal Monett Silver badge

    the Nobelium gang

    Putting more pressure on OS makers, industry and IoT-shite makers to secure their platforms.

    As bad as it may seem, in some cases this pressure might not be a bad thing. It is going to push industry to better safety practices, maybe cleaning up their act and doing a better job overall. That will benefit everyone.

    Oh, and maybe, just maybe, all those unsecured cloud databases will become a thing of the past. I can dream, can't I?

    But attacking hospitals for money should mean a bullet in the head. No pity there.

    1. Anonymous Coward

      Re: the Nobelium gang

      "But attacking hospitals for money should mean a bullet in the head. No pity there."

      Completely agree. But health institutes/companies are heavily at risk for 2 reasons, and therefore a low hanging fruit for cyber-criminals:

      - their security posture/competencies are *very* weak

      - they have strict compliance requirements for securing data

      Thus, a ransomware attack is both easy to perform and has many chances of success.

      1. hoola Silver badge

        Re: the Nobelium gang

        And they are often constrained on budget where it is needed in IT.

  2. Giles C Silver badge

    Rds on the internet

    Why does anyone have a Remote Desktop port exposed to the internet? I thought that after the hack against Travelex a couple of years ago people should have realised it was a bad idea - although why it was ever a good idea beats me.

    It is about the same level of security as a curtain would offer.

    1. Anonymous Coward

      Re: Rds on the internet

      >It is about the same level of security as a curtain would offer.

      Quite, but it is still extremely common to deploy an RDP-enabled GUI-driven box at the edge of a cloud environment to act as a human-friendly edge machine. This is commonly, stupidly called a "bastion", usually based on the clever tricks Windows RDP can do in terms of preventing multiple logons, controlling clipboard access and so on.

      I'm surprised RDP-centric attacks have taken this long to take off. Even if you shouldn't put them on the internet, plenty of people will through ignorance or error. Even if they don't, they're always a very promising target to move sideways and potentially increase your privileges, because of that common role in mediating boundary security.

      1. JamesTGrant

        Re: Rds on the internet

        At the least connect via VPN shuurrrly… or just run a Teamviewer daemon… (mostly joking, mostly) Internet connected RDP Windows is maadnesses

        1. big_D Silver badge

          Re: Rds on the internet

          At a previous employer, the CEO was an old-school developer. He put RDP directly online, but on a different port, because that was "safe", because nobody would guess that RDP was running on a different port, or heaven forbid, port scan us...

          After he left, the first thing we did was bring it behind the firewall, so you needed to VPN in first, with 2FA.

    2. big_D Silver badge

      Re: Rds on the internet

      The same here, there is no way I'd ever put such a service directly on the Internet.

      RDP and similar protocols are something that need to stay safely behind the firewall. Ours are only accessible internally or via VPN.
