Exposed RDP servers

Businesses of Brighton – Is This You?

RDP is too easy a target

This post highlights a concerning security issue: Remote Desktop Protocol (RDP) servers exposed directly to the internet, in Brighton specifically. Using Shodan, a search engine for internet-connected devices, we can plot these exposed servers on a map. Exposure is not itself a vulnerability, but every one of these hosts can be probed, brute-forced and, if unpatched, exploited by anyone on the internet.

What is RDP?

Remote Desktop Protocol (RDP) allows users to remotely access another computer. This can be incredibly useful for IT support, remote work, and accessing files from anywhere. However, if not properly secured, RDP can become a significant security risk.

Why is Exposed RDP a Risk?

  • Easy Target for Attackers: An exposed RDP server is an open door. Anyone on the internet can attempt to log in, so weak, reused or leaked passwords get brute-forced or password-sprayed, and an unpatched RDP service can be exploited outright. Once authenticated, an attacker has a full interactive desktop session and can do as they please if no further defences are in place.

What is Shodan?

Shodan is a search engine that allows users to discover and explore internet-connected devices. It can find devices based on various criteria, such as their operating system, services running, and even their location.

What the Map Shows:

The map shows the locations of devices in Brighton that have RDP enabled and exposed to the internet. This means that anyone on the internet can attempt to connect to these servers and, if the credentials are weak or the service is unpatched, gain access.

***This query alone identified over 700 instances of exposed RDP in the Brighton area!***
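The map only tells you that something answers on the RDP port. The banner Shodan stores for each host tells you a little more: the server's X.224 Connection Confirm reveals whether it negotiated Network Level Authentication (CredSSP), TLS alone, or legacy RDP security, which is exactly the kind of mitigation a map cannot show. As an added example, not code from the original post, the script below parses constructed Shodan-style records (the `data` field is assumed here to carry the text "Remote Desktop Protocol\r\n" followed by the raw server reply, as Shodan's RDP banners do) and tallies the Brighton hosts by what they negotiated. The IP addresses and banners are made up for illustration; the byte layout follows MS-RDPBCGR 2.2.1.2.

```python
"""Classify exposed RDP hosts by the security layer visible in their banner.

Added example, not code from the original post. The records below are
constructed, modelled on Shodan's JSON export for RDP: `data` is assumed to
hold "Remote Desktop Protocol\\r\\n" followed by the raw X.224 Connection
Confirm the server sent (MS-RDPBCGR 2.2.1.2).
"""
import struct
from collections import Counter

BANNER_PREFIX = "Remote Desktop Protocol\r\n"

# selectedProtocol values carried in RDP_NEG_RSP (MS-RDPBCGR 2.2.1.2.1)
PROTOCOL_RDP = 0x0        # Standard RDP Security: no TLS, no NLA
PROTOCOL_SSL = 0x1        # TLS only: attacker still reaches the Windows logon screen
PROTOCOL_HYBRID = 0x2     # CredSSP: TLS plus Network Level Authentication
PROTOCOL_HYBRID_EX = 0x8  # CredSSP with Early User Authorization Result

# failureCode values carried in RDP_NEG_FAILURE (MS-RDPBCGR 2.2.1.2.2)
FAILURE_CODES = {
    0x1: "SSL_REQUIRED_BY_SERVER",
    0x2: "SSL_NOT_ALLOWED_BY_SERVER",
    0x3: "SSL_CERT_NOT_ON_SERVER",
    0x4: "INCONSISTENT_FLAGS",
    0x5: "HYBRID_REQUIRED_BY_SERVER",
    0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def parse_connection_confirm(pdu: bytes) -> dict:
    """Parse TPKT + X.224 Connection Confirm and its optional rdpNegData."""
    if len(pdu) < 11 or pdu[0] != 0x03:
        raise ValueError("not a TPKT-framed PDU")
    (tpkt_len,) = struct.unpack(">H", pdu[2:4])
    if tpkt_len != len(pdu):
        raise ValueError(f"TPKT length {tpkt_len} != {len(pdu)} bytes present")
    li = pdu[4]                          # bytes that follow the length indicator
    if (pdu[5] & 0xF0) != 0xD0:          # X.224 CC code; low nibble is the credit field
        raise ValueError("not an X.224 Connection Confirm")
    neg = pdu[11:5 + li]                 # after code, dst-ref, src-ref, class option
    if not neg:
        # Server ignored RDP_NEG_REQ: only Standard RDP Security is on offer.
        return {"kind": "legacy", "protocol": PROTOCOL_RDP, "flags": 0}
    if len(neg) < 8:
        raise ValueError("truncated rdpNegData")
    ntype, flags, nlen, value = struct.unpack("<BBHI", neg[:8])
    if nlen != 8:
        raise ValueError(f"rdpNegData length {nlen}, expected 8")
    if ntype == 0x02:                    # TYPE_RDP_NEG_RSP
        return {"kind": "response", "protocol": value, "flags": flags}
    if ntype == 0x03:                    # TYPE_RDP_NEG_FAILURE
        return {"kind": "failure", "failure": FAILURE_CODES.get(value, f"{value:#x}"), "flags": flags}
    raise ValueError(f"unknown rdpNegData type {ntype:#x}")


def classify(parsed: dict) -> str:
    """Map a parsed Connection Confirm to what an internet attacker can reach."""
    if parsed["kind"] == "legacy":
        return "legacy-rdp-security"     # no TLS, no NLA: the weakest posture
    if parsed["kind"] == "failure":
        # The server refused a request that did not include CredSSP: NLA is required.
        return "nla-enforced" if parsed["failure"] == "HYBRID_REQUIRED_BY_SERVER" else "negotiation-failed"
    proto = parsed["protocol"]
    if proto == PROTOCOL_RDP:
        return "legacy-rdp-security"
    if proto == PROTOCOL_SSL:
        return "tls-no-nla"              # encrypted, but the logon screen is reachable unauthenticated
    if proto in (PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX):
        return "nla-supported"           # NLA negotiated; not proof the server *requires* it
    return f"protocol-{proto:#x}"


def pdu_from_record(record: dict) -> bytes:
    """Strip Shodan's text prefix and recover the raw bytes (one char per byte, latin-1)."""
    data = record["data"]
    if not data.startswith(BANNER_PREFIX):
        raise ValueError("not an RDP banner")
    return data[len(BANNER_PREFIX):].encode("latin-1")


def summarize(records, city="Brighton"):
    """Tally RDP hosts in `city` by negotiated security layer."""
    counts, hosts = Counter(), []
    for rec in records:
        if rec.get("location", {}).get("city") != city:
            continue
        try:
            label = classify(parse_connection_confirm(pdu_from_record(rec)))
        except ValueError as exc:
            label = f"unparsed ({exc})"
        counts[label] += 1
        hosts.append((rec["ip_str"], label))
    return counts, hosts


# Constructed sample export: documentation IP ranges, hand-built banners.
SHODAN_SAMPLE = [
    {"ip_str": "198.51.100.10", "port": 3389, "location": {"city": "Brighton", "country_code": "GB"},
     "data": BANNER_PREFIX + "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x02\x1f\x08\x00\x02\x00\x00\x00"},  # HYBRID
    {"ip_str": "198.51.100.11", "port": 3389, "location": {"city": "Brighton", "country_code": "GB"},
     "data": BANNER_PREFIX + "\x03\x00\x00\x0b\x06\xd0\x00\x00\x12\x34\x00"},                                  # legacy
    {"ip_str": "198.51.100.12", "port": 3389, "location": {"city": "Brighton", "country_code": "GB"},
     "data": BANNER_PREFIX + "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x02\x00\x08\x00\x01\x00\x00\x00"},  # SSL only
    {"ip_str": "198.51.100.13", "port": 3389, "location": {"city": "Brighton", "country_code": "GB"},
     "data": BANNER_PREFIX + "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x03\x00\x08\x00\x05\x00\x00\x00"},  # NLA required
    {"ip_str": "203.0.113.5", "port": 3389, "location": {"city": "Hove", "country_code": "GB"},
     "data": BANNER_PREFIX + "\x03\x00\x00\x0b\x06\xd0\x00\x00\x12\x34\x00"},                                  # filtered out
]

if __name__ == "__main__":
    counts, hosts = summarize(SHODAN_SAMPLE)
    for ip, label in hosts:
        print(f"{ip:16} {label}")
    print(dict(counts))
```

One caveat when reading the output: a `nla-supported` result only proves the server offered CredSSP when the probe asked for it. A server with NLA merely enabled rather than required will still negotiate it. The conclusive signals are the `legacy-rdp-security` reply (no NLA at all) and the `HYBRID_REQUIRED_BY_SERVER` failure (NLA enforced), and which one you observe also depends on what the scanner's own RDP_NEG_REQ asked for.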

How Can the Risk Be Removed or Reduced?

  • Close The Port: Blocking inbound TCP 3389 (the default RDP port) at your perimeter firewall is the first action to take. Moving RDP to another port is not a substitute: Shodan fingerprints the service, not the port number. If staff need remote access, put RDP behind a VPN or a Remote Desktop Gateway rather than exposing it directly.
  • Strong Passwords: Implement strong, unique passwords for every account permitted to log on via RDP, and set an account lockout policy so brute-force attempts are throttled. Require Network Level Authentication (NLA) so the server demands credentials before it creates a session.
  • Two-Factor Authentication (2FA): Enable 2FA for all RDP logons. This adds an extra layer of security by requiring users to provide two forms of identification (e.g., password and a code from an authenticator app). RDP has no native 2FA; it is normally enforced at the VPN, the Remote Desktop Gateway, or by a third-party logon agent on the server.
  • Restrict Access: Limit RDP access to named users (keep the built-in Administrator and service accounts out of the Remote Desktop Users group where possible) and to known source networks.
  • Regular Security Audits: Conduct regular security audits to identify and address any vulnerabilities, including misconfigured RDP servers. Searching Shodan for your own public IP addresses is a quick external check.
  • Keep Software Updated: Ensure that all operating systems and software are updated with the latest security patches.

How Easy is it to Exploit?

Too easy. Anyone can Google how, unfortunately.

According to this article, RDP is used by ransomware groups (BianLian in this case) as their initial attack vector.

Sophos found that attackers abused RDP in 90% of the incidents it investigated in 2023.

Conclusion:

Just from looking at the map I would assume too many businesses have no idea at all how exposed they are to potentially nefarious activity.

Hackers don’t always have to hack. Sometimes the doors (or ports) are wide open.


NB: Some of these hosts may have mitigations in place that a port scan cannot see, such as NLA, account lockout or source IP allow-lists.

Disclaimer: This blog post is for informational purposes only. I am not responsible for any misuse of this information.
