Security News > 2023 > June > RDP honeypot targeted 3.5 million times in brute-force attacks
Hackers swarm to RDP. An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours.
The attack count for the entire year reached 13 million login attempts.
As expected, the compromise attempts relied on brute-force attacks based on multiple dictionaries and the most common username was "Administrator" and variation of it.
One interesting observation when correlating these statistics with the attack IP addresses is that the RDP certificate name was used exclusively in login attempts from IPs in China and Russia.
Bergeron noticed an eight-hour gap between attacks and inferred that it could indicate an attacker working in shifts.
The human touch and the level of sophistication were also visible in attacks that were customized for the target as well as in adding a delay between each login attempt, to mimic a real person's activity.