Remote Desktop Protocol password brute-force attacks

Remote Desktop Protocol password brute-force attacks

Work-from-home conditions have become increasingly prevalent since the pandemic. This shift in working arrangements has made remote desktop applications and VPNs essential tools for accessing enterprise resources within corporate networks.

What is Remote Desktop Protocol?   

Remote Desktop Protocol (RDP) facilitates remote access to Windows machines. To access a machine remotely, a user must be connected to the same network as the target machine. The default port commonly used for RDP connection is 3389, although other ports can also be configured for RDP access.

Unfortunately, the increased use of RDP has also led to higher security risks. Even simple brute-force attacks can successfully compromise RDP-enabled machines.

Why do hackers prefer RDP attacks?   

If an RDP attack is successful, the hacker gains access to all the resources on the affected machine. They can lock the screen with a full-screen image, encrypt important files, and demand a ransom to restore access. This malware is known as ransomware. In 2023, RDP was the most common initial access method in about 65% of ransomware-related incidents according to the Sophos Active Adversary Report for 1H 2024.

During an RDP attack, other malware can be installed and allowed to spread through the network from the hacked machine. Company data can be stolen or tampered with. The possibilities are infinite. Hackers utilizing RDP attacks get huge returns with little effort.

What are RDP brute-force attacks?   

With the help of network scanners like Masscan, hackers can find the TCP and IP port ranges that are used in RDP servers in a matter of minutes. The hacker can then track one of them down and try to gain access to the machine using brute-force tools, which automatically try a massive number of username and password combinations within a small time interval. The quickest match can be made within two minutes, but on average, the right username-password match is found in a day or two.

How to prevent RDP password brute-force attacks   

  • Increase password length: Lengthy passwords are not easily cracked through brute force.

  • Increase password complexity: Avoiding patterns, common phrases, and dictionary words in passwords can help make them immune to password attacks.

  • Restrict login attempts: By setting a threshold for the number of failed login attempts, you can stop the brute-force tool from trying too many combinations of usernames and passwords. After this threshold is reached, the machine should be locked.

  • Implement CAPTCHA: CAPTCHA can prevent automated bots from attempting to log in. This renders brute-force attacks ineffective.

  • Configure multi-factor authentication: However strong a password is, it’s still susceptible to phishing attacks. That’s why other factors of authentication, like biometrics, should be implemented to secure logons.

 

Thwart RDP password attacks with ADSelfService Plus

ADSelfService Plus is an identity security solution that offers MFA, SSO, and advanced password management capabilities to help protect your organization from password attacks.

  • Multi-factor authentication: Secure RDP, machine, and VPN logins with over 20 advanced authentication methods, including biometrics, YubiKey, Google Authenticator, and FIDO passkeys.
  • Custom password length: Set minimum and maximum password lengths to avoid brute-force attacks.
  • Custom password complexity: Configure password policies with varying complexities for different users, groups, and OUs in Active Directory.
  • CAPTCHA settings: Implement CAPTCHA on the admin and user login pages as well as the multi factor authentication pages.


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • How to enable multi-factor authentication for RDP

                      Generally, remote employees use Microsoft Remote Desktop Protocol (RDP) to connect to their work devices from an external network, using only a password to authenticate their devices. This makes RDP-based access highly vulnerable to password-based ...

                    • How to prevent a brute force attack with ADSelfService Plus

                      What is a brute force attack? In a brute force attack, cybercriminals try to guess the password of a target user account, analyze the result, and try again until they succeed. This process could take anywhere from weeks to months. Though this method ...

                    • Password Policy Enforcer configuration

                      ADSelfService Plus' Password Policy Enforcer enables admins to utilize advanced password policy controls like banning weak passwords and keyboard sequences for users' on-premises AD accounts and cloud accounts, including Microsoft 365 and Google ...

                    • How to enable offline MFA in ADSelfService Plus

                      ManageEngine ADSelfService Plus supports offline multi-factor authentication (MFA) for Windows machine logins, User Account Control (UAC) prompt elevation, and Remote Desktop Protocol (RDP) server authentication when the product server is ...

                    • Multi-factor authentication techniques in ADSelfService Plus

                      Let's take a look into the various authentication methods supported by ADSelfService Plus for enterprise multi-factor authentication (MFA). Why should you use MFA? Authentication based solely on usernames and passwords is no longer considered secure. ...

                      Related Products