Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

There are about 33,000 RDP servers on the Internet that can be abused in amplification attacks, Netscout said. Besides using UDP packets, RDP can also rely on TCP packets.

Even after users change their account password, however, it remains valid for RDP logins indefinitely. In some cases, Wade reported, multiple older passwords will work while newer ones won’t.

Cybercriminals can exploit Microsoft Remote Desktop Protocol (RDP) as a powerful tool to amplify distributed denial-of-service (DDoS attacks), new research has found.

Image: ZDNet // Catalin Cimpanu. Cyber-security firm Kaspersky says the number of brute-force attacks targeting RDP endpoints rose sharply since the onset of the coronavirus (COVID-19) pandemic.