Remote Desktop Protocol (RDP) is an incredible technology developed by Microsoft that allows you to access and control another computer on a network. It’s like having an office computer wherever you go. For businesses, this means IT staff can manage their systems remotely, allowing employees to work from home or anywhere, making RDP a true game changer in today’s work environment.
But here’s the catch. RDP is also a major target for unethical hackers as it is accessible via the internet. If someone gains unauthorized access, they could take over your system. Therefore, it is extremely important to properly protect your RDP.
Why Teams Rely on RDP despite the Risk
Over 50% of Kaseya Small Businesses (SMBs) and Managed Service Providers (MSPs) customers use RDP in their daily operations for their efficiency and flexibility.
Reduce costs and downtime – IT teams can solve technical issues remotely and eliminate travel costs and delays. Support business continuity – Employees and managers can securely access their corporate systems from anywhere. Enables scalable IT management. MSPS can oversee multiple client networks from a single interface.
Despite its advantages, the widespread use of RDP is an attractive attack vector, requiring constant vigilance to ensure it is adequate.
New concern: The rise of the port 1098 scan
Normally, RDP communicates on port 3389. However, recent security reports, such as the December 2024 Shadowserver Foundation, highlight some worrying trends. Hackers are currently scanning port 1098, an alternative route that many people don’t know much about, to find vulnerable RDP systems.
To put this in perspective, the Honeypot sensor scans RDP services with up to 740,000 different IP addresses every day, and a considerable number of these scans come from one country. These scans allow attackers to try to force their way by finding misunderstood, weak or unsecured systems and guessing passwords or exploiting other weaknesses.
For businesses, especially SMBs and MSPs, this means there is a high risk of serious issues such as data breaches, ransomware infections, or unexpected downtime.
Keep up with security patches
Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. For example, in December 2024, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes cover a variety of issues identified by security experts and ensure that known weaknesses cannot be easily exploited.
Then, in the January update, two additional important vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) patched. Both of these vulnerabilities can allow attackers to run harmful code remotely on their systems without requiring a password.
How Kaseya’s Vpentest helps to proactively protect RDP and more
Internet exposed RDP is often more misconception than intended. In the last 28,729 external network pentests we’ve run, we were able to find 368 instances of RDP exposed to the public internet. In the internal network, 490 instances of BlueKeep were found.
For organizations looking for proactive ways to protect their external and internal networks, tools like VPentest can be invaluable. vpentest offer:
Automatic Network Pentting: The platform performs pentests for both external and internal networks. IT professionals can perform the same attacks as attackers against the network, actively protecting and testing security controls. Multi-tenant: The platform is a purpose built for multi-functional IT teams juggling multiple tasks. IT professionals can manage all pentest engagements for multiple companies within the platform. Detailed Reports and Dashboards: VPentest generates a series of reports that include executive summary and highly detailed technical reports. The platform also has a dashboard for each assessment, allowing IT professionals to quickly view findings, recommendations, and affected systems.
For the first time in technology history, IT professionals can perform real network pen tests for organizations that manage at scale and for organizations that manage more frequently.
How Datto EDR helps you secure your RDP
For organizations looking for an additional layer of protection, tools like Dut Endpoint Detection and Response (EDR) can be invaluable. Dut EDR offer:
Real-time threat detection: Monitor RDP traffic due to abnormal behavior, such as unexpected access attempts or strange port use, and raises an alert if something is missing. Automated Response: When suspicious activity is detected, the system can automatically block or isolate the threat and stop potential violations of the track. Detailed Reports: Comprehensive logs and reports can help administrators understand what happened during the incident, allowing them to enhance future defenses.
This means that with Datto EDR, businesses can keep their systems safer from modern threats while reaping the benefits of RDP.
Practical Tips for Locking RDP
Here are some simple tips to protect your RDP setup:
Timely Patch: Install the update as soon as it becomes available. Vendors frequently release patches to address new vulnerabilities. Limited exposure: Consider limiting RDP access to only trusted personnel and changing the default port (3389) to a predictable one. Use multifactor authentication. Adding additional steps (such as MFA or network-level authentication) for verification makes it much more difficult for attackers to access. Ensure strong passwords: Make sure your passwords are complex and meet the minimum length requirements that help to prevent brute force attacks.
By performing these steps, you can significantly reduce the risk that RDP services become entry points for cyberattacks.
RDP will not disappear, but security needs to be improved
RDP is an important tool that changes the way businesses operate, enabling remote work and efficient system management. However, just like powerful tools, it comes with its own set of risks. As attackers are currently exploring new paths like port 1098 and continually finding ways to take advantage of vulnerabilities, it’s important to be aware of security updates and best practices.
By patching your system, restricting access, using multifactor authentication, and using advanced security solutions such as Datto EDR, you can enjoy the flexibility of RDP without compromising your organization’s security.
Stay safe and stay up to date!
Source link
