RDP Attacks Decline 89% in Eight Months


Detections of RDP password-guessing attacks declined from 123 billion in the first four months of the year to 13 billion in the period May–August, according to new data from ESET.

The security vendor’s Threat Report series is compiled using telemetry from its products. Unusually, it analyzes the threat landscape over four-month periods, with this report covering T2 2022: May–August.

It revealed an 89% decline in total RDP attack detections from T1 to T2 2022, and a 23% drop in unique clients reporting attacks over the period.

Most of the attacks recorded were aimed at targets in Poland, the US and Spain, with Russian IP addresses accounting for the largest single share (31%) of detections.

ESET pointed to several drivers behind the decline in RDP attack detections, including changes in working patterns, which may mean fewer remote connections are being exposed, and defensive improvements on the target side.

“The reasons for the decline remain the same as in T1: less remote work, better countermeasures implemented by security and IT departments, and Russia’s war with Ukraine, which seems to have impacted portions of the attacking infrastructure,” the report explained.

“Another factor that might cause further drops in RDP attacks is the default protection in Windows 11 against brute-force attacks. However, its effects will probably become apparent only after more organizations have adopted the newest version of that operating system.”
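The "default protection" the report refers to is Windows 11's account lockout policy, which from 22H2 locks an account after 10 failed logons within 10 minutes. The same threshold-in-a-window idea is what a detection team would apply to the failed-logon events a brute-forced RDP host emits. The block below is an added example, not code from ESET or from this article: it runs that sliding-window check over a handful of constructed Windows Security Event ID 4625 (failed logon) records, counting only LogonType 10 (RemoteInteractive, i.e. RDP) and ignoring network logons and successes. The flattened `key=value` line format and the IP addresses are assumptions made for the example; real events would come from the Security log.

```python
"""Flag RDP password-guessing from Windows Security failed-logon events.

Added example; not ESET's or Infosecurity Magazine's code. The records below
are constructed, in a simplified key=value form, not real telemetry.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Same numbers as the Windows 11 22H2 default account lockout policy:
# 10 failed attempts within a 10-minute window.
THRESHOLD = 10
WINDOW = timedelta(minutes=10)

_FMT = "%Y-%m-%dT%H:%M:%SZ"
_BASE = datetime(2022, 8, 1, 10, 0, 0)


def _event(ts, event_id, logon_type, user, ip):
    """Build one constructed log line in the flattened format used here."""
    return (f"{ts.strftime(_FMT)} EventID={event_id} LogonType={logon_type} "
            f"TargetUserName={user} IpAddress={ip}")


# Constructed sample (documentation/test ranges only).
# 203.0.113.7: 12 RDP failures in 12 minutes against 8 different accounts.
_ATTACKER_USERS = ["administrator", "admin", "administrator", "user", "test", "guest",
                   "administrator", "backup", "sql", "admin", "scan", "administrator"]
SAMPLE_EVENTS = [
    _event(_BASE + timedelta(minutes=i), 4625, 10, u, "203.0.113.7")
    for i, u in enumerate(_ATTACKER_USERS)
]
# 198.51.100.9: 10 RDP failures, but 15 minutes apart (never 10 in one window).
SAMPLE_EVENTS += [
    _event(_BASE + timedelta(hours=1, minutes=15 * i), 4625, 10, "svc_backup", "198.51.100.9")
    for i in range(10)
]
# 192.0.2.5: a user mistyping a password three times, then succeeding (4624).
SAMPLE_EVENTS += [_event(_BASE + timedelta(minutes=i), 4625, 10, "jsmith", "192.0.2.5")
                  for i in range(3)]
SAMPLE_EVENTS.append(_event(_BASE + timedelta(minutes=3), 4624, 10, "jsmith", "192.0.2.5"))
# 192.0.2.6: 12 failures over SMB/network logon (LogonType 3), not RDP; ignored here.
SAMPLE_EVENTS += [_event(_BASE + timedelta(minutes=i), 4625, 3, "administrator", "192.0.2.6")
                  for i in range(12)]


def parse_event(line):
    """Parse '<timestamp> k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, _FMT)
    return fields


def find_rdp_guessing(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: {"attempts": n, "usernames": [...]}} for every source IP
    that produced at least `threshold` RDP logon failures inside any
    `window`-long interval. Events are processed in timestamp order."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)      # ip -> timestamps inside the current window
    total = Counter()                # ip -> all RDP failures seen
    users = defaultdict(set)         # ip -> distinct target accounts
    flagged = set()
    for ev in events:
        if ev.get("EventID") != "4625" or ev.get("LogonType") != "10":
            continue
        ip = ev["IpAddress"]
        total[ip] += 1
        users[ip].add(ev["TargetUserName"].lower())
        q = recent[ip]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: {"attempts": total[ip], "usernames": sorted(users[ip])}
            for ip in sorted(flagged)}


if __name__ == "__main__":
    for ip, info in find_rdp_guessing(SAMPLE_EVENTS).items():
        print(f"{ip}: {info['attempts']} RDP failures, accounts tried: {info['usernames']}")
```

Only the fast attacker is flagged with the default threshold; the slow source that spaces its attempts 15 minutes apart is exactly the kind of low-and-slow guessing that a per-window lockout does not stop, which is why the count of distinct target accounts per source is kept alongside the attempt count.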

RDP is a top-three initial access vector for ransomware, so the news will be greeted with some relief by corporate IT security departments. However, it has come alongside a surge in attacks using vulnerability exploits.

A Secureworks report out this week claimed that vulnerability exploitation accounted for 52% of ransomware incidents it investigated over the past 12 months, making it the number one initial access vector.

However, ESET’s report claimed that password guessing still accounted for the largest number of network intrusions (41%) over the past four months, followed by exploitation of Log4j (13%).
