- One of the best mid-range sports watches I've tested is on sale for Black Friday
- This monster 240W charger has features I've never seen on other accessories (and get $60 off this Black Friday)
- This laptop power bank has served me well for years, and this Black Friday deal slashes the price in half
- This power bank is thinner than your iPhone and this Black Friday deal slashes 27% off the price
- New Levels, New Devils: The Multifaceted Extortion Tactics Keeping Ransomware Alive
RDP Attacks Decline 89% in Eight Months
Detections of RDP password-guessing attacks declined from 123 billion in the first four months of the year to 13 billion in the period May–August, according to new data from ESET.
The security vendor’s Threat Report series is compiled using telemetry from its products. Unusually, it analyzes the threat landscape over four-month periods, with this report covering T2 2022: May–August.
It revealed an 89% decline in total RDP attack detections from T1 to T2 2022, and a 23% drop in unique clients reporting attacks over the period.
Most of the attacks recorded were aimed at targets in Poland, the US and Spain, with Russian IPs accounting for most (31%) detections.
ESET pointed to several drivers behind the decline in RDP compromise attempts, including changes in working patterns, which may mean remote connections are being used less, and defensive improvements.
“The reasons for the decline remain the same as in T1: less remote work, better countermeasures implemented by security and IT departments, and Russia’s war with Ukraine, which seems to have impacted portions of the attacking infrastructure,” the report explained.
“Another factor that might cause further drops in RDP attacks is the default protection in Windows 11 against brute-force attacks. However, its effects will probably become apparent only after more organizations have adopted the newest version of that operating system.”
RDP is a top-three initial access vector for ransomware, so the news will be greeted with some relief by corporate IT security departments. However, it has come alongside a surge in attacks using vulnerability exploits.
A Secureworks report out this week claimed that vulnerability exploitation accounted for 52% of ransomware incidents it investigated over the past 12 months, making it the number one initial access vector.
However, ESET’s report claimed that password guessing still accounted for the largest number of network intrusions (41%) over the past four months, followed by exploitation of Log4j (13%).
