4.1 Million Exposed RDP Ports. The Welcoming Gateway To Hackers

Cybersecurity researchers are working around the clock to actively monitor any possible areas of attacks. One of the most common methods that we are using is port scanning of variable strength to see what threat vectors are open to hackers. Should an open port be found, a that should be closed, evidently appears that there are issues on a much bigger scale than the port itself.

This is the case with the most recent global scans executed by researchers of cybersecurity over at Rapid7. In one of the reports published in August, A member of Rapid7 detailed the most recent scans of the ports that showed that over 10 MILLION  devices with an open online port 3389/TCP. Interestingly enough, the port itself wasn’t the issue at all, but the fact that roughly 4.1 Million of the 3389 ports are specifically speaking through the RDP Protocol.

RDP or as it is most commonly known as “The Remote Desktop Protocol” was developed by Microsoft to allow display and input capabilities over networks for Windows based applications running on the server. One of the many capablities that RDP has, the most pertinent to security issues is the several remote controls allowed by this protocol. And for this reason specifically, RDP is disabled by default in all versions of Windows.

So where is the problem then? The problem is that RDP is very often enabled in business environments as highlighted by the team over at Rapid7.

Without a doubt, RDP is a very useful protocol, and when it is setup and it’s encryption is employed properly and correctly, it can be, for the most part safe. But in reality, and this is the center of the issue, the RDP protocols found in the report by Rapid7 are exposed directly to any hacker with experience under their belt.

A lot of this comes down to human error, the admins don’t enable authentication, add very simple credentials or don’t use any firewall to filter access to the machine using RDP. In a nutshell, this is a race against time to secure all of these exposed RDP machines. All of the 4 Million plus, as any attack on day zero on a mass scale could allow for hijacking on an enormous scale.