top of page
  • Writer's pictureAnup Ghosh

9 out of 10 Cyber Attacks Use RDP

The Download

Sophos published a research report analyzing 150 incident response cases its IR team worked in 2023. In a startling statistic, Sophos IR team found that the Remote Desktop Protocol (RDP) was abused in 90% of the incidents. Initial access to the network breach used RDP 65% of the time.

RDP is used to remotely login to other machines. It has no inherent security built into it, such as multifactor authentication or encryption. As such, an adversary can take leaked or stolen credentials from the Dark Web and login to victim networks.

What You Can Do

If it isn't obvious, do not run RDP on any external services. It is considered so risky that cyber insurance underwriters will disqualify a client if they are running RDP on the client's external attack surface. So, block RDP ports in the firewall. Using a secure VPN is a better alternative when remote access behind the firewall is required. Additionally the Sophos report informs us RDP is used behind the network. We suggest using secure protocols such as SSH behind the firewall.

In all cases you should be scanning your attack surfaces, externally and behind the firewall for RDP and other insecure services.

To Learn More:



bottom of page