McAfee: 52% of Chinese users have RDP remotely attacked during the outbreak because passwords are too simple

A new study by security firm McAfee found that the number of attacks on Microsoft Remote Desktop Protocol (RDP) increased significantly during the new coronavirus outbreak, and found that 52 percent of stolen RDP certificates came from Chinese users, including more than 20,000 registered accounts. During the outbreak, microsoft RDP was increasingly used by companies around the world as a way to help employees work from home, a system that enables remote workers to log on to their office computers and access business networks.

As a result, the number of Internet RDP ports rose from 3m in January to 4.5m at the end of March, according to a report by mcAfee, a security firm. However, this growth has also led to a surge in the number of “dark web” markets that sell RDP vouchers online. While providing great convenience, home-based, telecommuting models caused by the outbreak also create huge opportunities for hackers.

52% of stolen RDP certificates come from China

The company found that 52 per cent of stolen RDP certificates came from Chinese users, including more than 20,000 registered accounts. While the number of stolen registered accounts exposed in the U.S. is roughly the same, only 4 percent of the stolen accounts found by McAfee come from the United States.

Experts say that while Microsoft Remote Desktop protocols are critical for telecommuting during the outbreak, it could also put the entire network at risk, given that many companies rush to install such software at the start of the outbreak.

Once the RDP port is hacked and controlled, they can easily use it to send spam through the company’s mail server. To make matters worse, they can use remote access to spread malware across the entire internal network.

The password for most RDP ports is too simple

McAfee: 52% of Chinese users have RDP remotely attacked during the outbreak because passwords are too simple

Surveys show most attacks target China and the U.S.

McAfee’s research points out that most of the RDP ports that are compromised are not caused by advanced malware, but simply by “violently cracking” simple passwords. What’s more, a significant number of exposed RDP ports don’t require passwords at all, and many use common passwords like “123456.”

Ensuring the security of remote desktop access is key to securing your business network when employees are at home and telecommuting. McAfee recommends limiting RDP connections on open networks at least and requiring complex passwords and multifactor authentication to log on.

Steve Grobman, McAfee’s chief technology officer, said: “Home office, telecommuting, creates new opportunities, as well as new defense mechanisms and practices. “