The Specops Software research team recently published new research that analyzed passwords being used to attack Remote Desktop Protocol (RDP) ports in live network attacks. The report reveals the 10 most common passwords attackers are using and analyzes their wordlists for the most common complexity rules and password lengths.
The launch of the report coincides with the latest addition of over 85 million compromised passwords to the Specops Breached Password Protection service. These passwords come from Specops' honeypot network and threat intelligence sources. The top 10 passwords most commonly used to breach RDP ports are:
- 123456
- 1234
- Password1
- 12345
- P@ssw0rd
- password
- Password123
- Welcome1
- 12345678
- Aa123456
In addition to providing remote access for remote and hybrid workers, RDP also allows servers to be maintained, set up, and troubleshot remotely, regardless of their location. It offers an easy way to connect to corporate environments remotely, which unfortunately also makes it a target for hackers.
Attackers are on the lookout for exposed RDP servers, as these can be easy targets for brute force attacks. Additionally, attackers may conduct password spraying attacks against RDP servers and try known breached credentials on exposed servers. Many organizations find that monitoring their RDP servers reveals hundreds if not thousands of failed login attempts from hackers, bots, ransomware attacks, and others.
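As an added example of the kind of monitoring the paragraph describes (this is not code from the Specops report or its products), the Python below classifies failed RDP logons per source IP as brute force (many attempts against few accounts) or password spraying (many accounts, few attempts each). It assumes Windows Security event 4625 records have already been exported as (timestamp, source IP, account, logon type) tuples; the sample records are constructed.

```python
# Added example, not from the Specops report. Classifies failed RDP logons
# (Windows Security event 4625; logon type 10 = RemoteInteractive, i.e. RDP)
# per source IP. Thresholds are illustrative assumptions, tune them per site.
from collections import defaultdict

# Constructed sample of 4625 events as (timestamp, source_ip, account, logon_type)
SAMPLE_EVENTS = (
    # 203.0.113.7 hammers one account 12 times: brute force
    [("2024-05-01T02:00:%02d" % i, "203.0.113.7", "administrator", 10) for i in range(12)]
    # 198.51.100.9 tries 6 different accounts once each: password spraying
    + [("2024-05-01T02:10:%02d" % i, "198.51.100.9", u, 10)
       for i, u in enumerate(["admin", "jsmith", "backup", "svc_sql", "helpdesk", "guest"])]
    # 192.0.2.5 fails twice at the local console (logon type 2): not RDP, ignored
    + [("2024-05-01T02:20:00", "192.0.2.5", "jsmith", 2),
       ("2024-05-01T02:20:05", "192.0.2.5", "jsmith", 2)]
    # 192.0.2.6 is a remote user who mistyped a password twice: benign
    + [("2024-05-01T02:30:00", "192.0.2.6", "amiller", 10),
       ("2024-05-01T02:30:09", "192.0.2.6", "amiller", 10)]
)


def summarize(events, logon_type=10):
    """Return {ip: {"attempts": n, "accounts": set}} for failures of the given logon type."""
    per_ip = defaultdict(lambda: {"attempts": 0, "accounts": set()})
    for _ts, ip, account, ltype in events:
        if ltype != logon_type:
            continue  # skip failures that did not arrive over RDP
        per_ip[ip]["attempts"] += 1
        per_ip[ip]["accounts"].add(account.lower())
    return per_ip


def classify(events, min_attempts=10, spray_accounts=5):
    """Label each source IP as 'brute_force', 'password_spray', or 'benign'."""
    verdicts = {}
    for ip, stats in summarize(events).items():
        n, accts = stats["attempts"], len(stats["accounts"])
        if accts >= spray_accounts and n / accts <= 2:
            verdicts[ip] = "password_spray"   # wide and shallow
        elif n >= min_attempts:
            verdicts[ip] = "brute_force"      # narrow and deep
        else:
            verdicts[ip] = "benign"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

Sources labelled brute_force or password_spray are candidates for the IP allow-listing and MFA controls the report recommends.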
Additional findings and recommendations from the report:
- 24 percent of all honeypot attack passwords are solely numbers.
- Enabling push-spam-resistant MFA for RDP connections adds a layer of protection even if the password is breached.
- Keeping Windows servers and clients patched and up to date will help protect against known CVEs.
- Ensuring that TCP port 3389 uses an SSL connection and isn't exposed directly to the internet can help deter attacks.
- Limiting the range of IP addresses that can use RDP connections will also help protect against intrusions.