Remote Desktop Pandemic
How compromised RDPs became a hot commodity on the underground
Remote Desktop Protocol (RDP) allows a user to remotely connect to and control another device over a network or the internet. Unfortunately, when a threat actor compromises an RDP connection, the actor can deploy malware on the targeted system, as well as weaponize the compromised device against any organization.
The coronavirus crisis forced organizations to work remotely. Many of them did not have the time or expertise to implement the appropriate security measures, presumably leading to a massive proliferation of unsecured RDP connections. Thus, it is no surprise that RDP-deployed ransomware has been a defining feature of the coronavirus cyberthreat landscape.
On the dark web, there are markets that sell access to compromised RDP servers, based on their IP addresses, for only $4-$20. The number of RDPs for sale spiked during the coronavirus lockdown. Attackers also occasionally give out access to compromised RDP connections for free.