Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.

There are about 33,000 RDP servers on the Internet that can be abused in amplification attacks, Netscout said. Besides using UDP packets, RDP can also rely on TCP packets.

The ability to use a revoked password to log in through RDP occurs when a Windows machine that’s signed in with a Microsoft or Azure account is configured to enable remote desktop access.

Cybercriminals can exploit Microsoft Remote Desktop Protocol (RDP) as a powerful tool to amplify distributed denial-of-service (DDoS attacks), new research has found.

Image: ZDNet // Catalin Cimpanu. Cyber-security firm Kaspersky says the number of brute-force attacks targeting RDP endpoints rose sharply since the onset of the coronavirus (COVID-19) pandemic.