TechRadar
Sead Fadilpašić

Remote desktop protocol attacks are becoming a huge threat to businesses everywhere


Remote Desktop Protocol (RDP), a system that allows users to control a computer remotely, was used in nine out of every ten cyberattacks that happened in 2023, new research has claimed.

A paper from Sophos based on analysis of more than 150 incident response (IR) cases from 2023 concludes the percentage of attacks abusing RDP has never been higher since it started tracking this metric back in 2020. In the majority of cases (65%), RDP is used to establish initial access to the target endpoint.

Furthermore, external remote services have consistently been the most frequent source of initial access since Sophos started tracking the metric, it said.

Ransomware groups' best friend

In one case, Sophos said, an attacker successfully compromised the victim four times within six months, each time accessing the network through the victim’s exposed RDP ports. After gaining access, the attackers would move laterally throughout the network, installing malware, disabling endpoint protection tools, and establishing remote access.

“External remote services are a necessary, but risky, requirement for many businesses. Attackers understand the risks these services pose and actively seek to subvert them due to the bounty that lies beyond,” commented John Shier, field CTO, Sophos. 

“Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. It doesn't take long for an attacker to find and breach an exposed RDP server, and without additional controls, neither does finding the Active Directory server that awaits on the other side.”

Remote Desktop Protocol has been the go-to tool for cybercriminals for years now. In 2023, the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) urged businesses to "strictly limit the use of Remote Desktop Protocol (RDP) and other remote desktop services" to minimize the threat coming from the BianLian ransomware group.

In a joint security advisory published at the time, the law enforcement agencies said BianLian usually targets Windows systems through RDP credentials, before deploying additional software to steal more credentials, or exfiltrate sensitive data and other important files.
