A new study by security firm McAfee found that the number of attacks against Microsoft's Remote Desktop Protocol (RDP) increased significantly during the new coronavirus epidemic.
During the epidemic, many businesses around the world increasingly relied on Microsoft RDP to help employees work from home. RDP lets remote workers log into their office computers and access business networks.
A report from McAfee shows that the number of Internet-facing RDP ports affected by this shift rose from 3 million in January to 4.5 million at the end of March this year.
However, this growth has also led to a surge in the number of "dark web" markets where RDP credentials are sold online. While it provides tremendous convenience, the telecommuting model created by the epidemic has also created tremendous opportunities for hackers.
The company found that 52 percent of the stolen RDP credentials came from Chinese users, including more than 20,000 registered accounts.
While the number of stolen registered accounts exposed in the U.S. was roughly the same, only 4 percent of the stolen credentials McAfee found came from U.S. users.
Experts note that while the Microsoft Remote Desktop Protocol was critical to telecommuting during the outbreak, it could also put the entire network at risk, given that many companies rushed to install such software at the start of the outbreak.
Once hackers have attacked and taken control of a system through its RDP port, they can easily use it to send spam through the company's mail server. Worse, they can use the remote access to spread malware throughout the intranet.
According to McAfee's research, most of the attacks on RDP ports did not involve advanced malware; the attackers simply brute-forced weak passwords.
More importantly, a significant number of exposed RDP ports do not require a password at all, and many others use common passwords such as "123456".
Securing remote desktop access is key to protecting the business network when employees work from home. McAfee suggests, at a minimum, limiting the exposure of RDP connections to open networks and requiring complex passwords and multi-factor authentication to log in.
Steve Grobman, McAfee's CTO, said, "The telecommuting model creates new opportunities, but also requires new defense mechanisms and practices."