Amid of the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks.
Según statistics from the Shodan search engine, by last Sunday, Marzo 29, 2020, the number of RDP endpoints increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP 3389 puerto.
“A similar surge of activity is also observed on port 3388, which is regularly use system administrators to protect RDPs from attacks. En este caso, activity increased by 36.8% (de 60,000 at the beginning of the year to 80,000 ahora)", – says John Matherly, the founder and head of Shodan.
Similarly is growing the number of different servers using VPN protocols, such as IKE and PPTP: de 7,500,000 to almost 10,000,000 to date.
Sin embargo, these figures reflect the situation only with corporate VPN servers, while the use of consumer-level VPNs is also growing rapidly. The fact is that as majority users are now stuck at home, they are increasingly resorting to use VPN applications to bypass geographic blocking.
Por ejemplo, la semana pasada, NordVPN developers reported that since March 11, the number of users has grown by 165%, while Atlas VPN speaks of a 124% increase in VPN usage among US users only.
These data are also confirm representatives of the Top10VPN website, which note the growth of the entire market and, En particular, record a 65% increase in demand for VPNs in the USA (en comparación con el trimestre anterior).
“We’ve observed significant growth in other protocols (HTTPS) but one of the important areas where we’ve seen a worrying increase in exposure is for industrial control systems (ICS). The growth (16.4%) is not as large as for other protocols but these are ICS protocols that don’t have any authentication or security measures. We had actually seen a stagnation in the ICS exposure up until now. And there have been significant advancements in OT security so there are plenty of secure options to choose from”, — reports John Matherly.
This data is not surprising, Shodan only confirmed the reflection of the Internet during the pandemic. But it also indicates increased risks: the most popular vectors of attacks, according to the report of FireEye company, fueron ataques de fuerza bruta a puertos RDP abiertos dirigidos a empleados de phishing.
The Remote Desktop Protocol (PDR) is a common way for Windows users to remotely manage their workstation or server. Sin embargo, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA).
