Amid of the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks.
According to statistics from the Shodan search engine, by last Sunday, March 29, 2020, the number of RDP endpoints increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP 3389 port.
“A similar surge of activity is also observed on port 3388, which is regularly use system administrators to protect RDPs from attacks. In this case, activity increased by 36.8% (from 60,000 at the beginning of the year to 80,000 now)”, – says John Matherly, the founder and head of Shodan.
Similarly is growing the number of different servers using VPN protocols, such as IKE and PPTP: from 7,500,000 to almost 10,000,000 to date.
However, these figures reflect the situation only with corporate VPN servers, while the use of consumer-level VPNs is also growing rapidly. The fact is that as majority users are now stuck at home, they are increasingly resorting to use VPN applications to bypass geographic blocking.
These data are also confirm representatives of the Top10VPN website, which note the growth of the entire market and, in particular, record a 65% increase in demand for VPNs in the USA (compared to the previous quarter).
“We’ve observed significant growth in other protocols (HTTPS) but one of the important areas where we’ve seen a worrying increase in exposure is for industrial control systems (ICS). The growth (16.4%) is not as large as for other protocols but these are ICS protocols that don’t have any authentication or security measures. We had actually seen a stagnation in the ICS exposure up until now. And there have been significant advancements in OT security so there are plenty of secure options to choose from”, — reports John Matherly.
This data is not surprising, Shodan only confirmed the reflection of the Internet during the pandemic. But it also indicates increased risks: the most popular vectors of attacks, according to the report of FireEye company, were brute force attacks on open RDP ports aimed at phishing employees.[box]Reference:
The Remote Desktop Protocol (RDP) is a common way for Windows users to remotely manage their workstation or server. However, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA).[/box]