Remote Work Surge Exposes Corporate Servers to Hackers
As companies rapidly transition to remote work, the number of corporate servers accessible to cybercriminals from the internet is soaring, according to experts at the Solar JSOC Cyber Threat Monitoring and Response Center. One of the main reasons is the use of the unsecured Remote Desktop Protocol (RDP) for remote access.
RDP Usage on the Rise
Solar JSOC reports that in just one week, the number of devices accessible via RDP from the internet increased by 15% in Russia (now over 76,000 devices) and by 20% worldwide (over 3 million devices). RDP, developed by Microsoft for remote management of Windows operating systems, is currently the most popular way to connect to a work environment. However, by default, RDP uses port 3389, and if a company’s IT department does not pay close attention to remote access security, corporate servers become highly vulnerable to attackers.
Security Risks and Recent Vulnerabilities
It is not uncommon for remote servers to be visible and accessible from the internet, allowing anyone to attempt a connection. Attackers can exploit this by bypassing identification and authentication systems. To assess the scale of these threats, Solar JSOC experts analyzed and monitored the number of devices accessible via RDP from March 17 to March 24, a period when many companies began switching to remote work. During this week, the number of such devices grew by 15% in Russia and 20% globally.
“The statistics are alarming, especially since there have recently been several major vulnerabilities affecting remote desktop services—BlueKeep and DejaBlue. Both allow attackers to access remote servers without authentication simply by sending a specially crafted request via RDP. This means that any system accessible from the internet without the latest Windows security updates is vulnerable,” commented Igor Zalevskiy, head of the JSOC CERT Cyber Incident Investigation Center at Rostelecom-Solar.
Recommendations for Secure Remote Access
Solar JSOC experts note that every month, new RDP-related vulnerabilities are patched in Windows security updates. For this reason, it is highly inadvisable to use standard, unsecured remote desktop access. At a minimum, companies are recommended to use VPNs with two-factor authentication and to implement remote access based on secure protocols.