Microsoft's February security update fixes the vulnerability that can result in reverse RDP attacks in the built-in Windows RDP client, but third-party RDP clients are still vulnerable, Check Point said.
The shift to remote work has caused a spike in the number of RDP servers exposed to the Internet, along with an increase in the number of scans for those servers.
Microsoft looked at Windows event logs to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.
Attacks using Remote Desktop Protocol continue to be tremendously successful. It turns out many attackers are combining RDP attacks with ransomware.
A new botnet is scanning the internet and brute-forcing Remote Desktop Protocol connections to compile a list of vulnerable hosts, usernames, and passwords.