RDP Attacks Surged by 330% in The US Amid Pandemic

According to data extracted and analyzed by Atlas VPN, remote desktop protocol (RDP) attacks rocketed by 330% in the US amid the COVID-19 pandemic.

Due to lockdowns, many office-workers gained access to corporate windows workstations or servers via Microsoft’s client software called RDP. Cybercriminals took advantage of sometimes inadequately protected networks. Subsequently, RDP brute-force attacks sky-rocketed in the last few months.

These attacks systematically attempt numerous username and password combinations until the correct one is found. A successful attack gives the cybercriminal remote access to the target computer or server in the corporate network.

The start of the RDP attack increase correlates almost perfectly with the start of lockdowns. Italy was the first to announce a public wide lockdown on March 9, 2020. The US began lockdowns a bit later, starting from March 19, 2020, in California.

From March 10, 2020, RDP brute-force attacks spiked the most in the US, Spain, Italy, Germany, France, Russia, and China.

RDP-attack-graph

In the US, the attacks peaked on April 7, 2020, with a total number of 1,417,827 attacks. Comparing the period of February 9 - March 9, 2020, to March 10 - April 10, 2020, the RDP attacks in the US jumped by 330%

In Spain, hackers were most active on March 19, 2020, with 1,332,796 attacks in a single day. Comparing total attack volume from February 9-March 9, 2020, to March 10-April 10, 2020, RDP attacks targeting workstations and servers in Spain shot up by 524%.

In Italy, the attacks peaked more than three weeks earlier than in the US, the exact date being March 19, 2020, with 979,761 attacks in a single day. Comparing the period of February 9 - March 9, 2020, to March 10 - April 10, 2020, the hacking attempts surged by 428%

In Germany, the attacks reached their peak on April 12, 2020, with a total of 830,992 hacking attempts. Comparing the period of February 9 - March 9, 2020, to March 10 - April 10, 2020, the attacks increased by 237 %

In France, the number of attacks per day peaked relatively soon, on March 11, with a total of 872,130 cyber-attacks. Comparing the period of February 9 - March 9, 2020, to March 10 - April 10, 2020, the amount of RDP attacks soared by 251%.

Users in Russia experienced most hacker attacks on April 15, 2020. Threat actors carried out 962,949 remote desktop take-over attempts during these 24 hours. RDP attacks jumped by 316% from early February to early March.

Users located In China saw the most significant number of attacks on April 9, 2020, with 199,127 cyber-attacks. Comparing the aforementioned periods, RDP attacks increased by 170% during the pandemic.

Over 148 million RDP attacks during lockdowns

From the start of lockdowns on March 10, 2020, until April 15, 2020, hackers attacked the US, Spain, Italy, Germany, France, Russia, and China a total of over 148 million times combined.

In the US, from March 10, 2020, until April 15, 2020, hackers carried out 32,299,662 remote desktop brute-force attacks. Meaning, the US is the most attacked country on the list. On average, throughout this period, there were 872,964 attacks daily.

In Spain, throughout March 10-April 15, hackers attacked workstations and corporate servers 25,510,199 times. On average, hackers attacked users in Spain 689,465 times per day.

In Italy, during March 10-April 15, 2020, threat actors attempted 22,966,303 attacks in total. On an average day throughout this period, cybercriminals attacked users in Italy 620,711 times.

In Germany, from March 10 to April 15, 2020, fraudsters tried to hack into unsuspecting user’s computers 22,800,196 times in total. During this period, criminals tried to hack German citizens around 616,222 times per day.

From March 10 until April 15, 2020, hackers attacked users from France 21,870,103 times. On average, threat actors carried out 591,084 cyber-attacks.

In Russia, throughout the same period, individuals and organizations in Russia experienced 19,466,441 RDP brute-force attacks. Cybercriminals tried to take over Russian residents’ workstations or servers about 526,120 times daily.

Finally, In China, from March 10, 2020, until April 15, 2020, criminals carried out 3,338,478 cyber-attacks in total. In other words, Chinese users experienced around 90,229 RDP threats per day.


Anton P.

Anton P.


Tags: VPN