GreyNoise reports a sharp increase in coordinated scans targeting Microsoft RDP portals, potentially to identify vulnerabilities for future attacks. The surge coincides with the US back-to-school season, raising concerns about new exploits or increased threat activity. #GreyNoise #RDPWebClient #CredentialAttacks
Key points
- A spike in scanning activity involving nearly 2,000 IP addresses targeting RDP portals has been observed.
- The scans aim to identify timing flaws that could aid in username verification and subsequent credential-based attacks.
- The majority of the malicious IPs share the same signature, mostly originating from Brazil and targeting US systems.
- The increased activity aligns with the US back-to-school period, when educational institutions bring systems online.
- Securing RDP portals with multi-factor authentication and VPNs is strongly recommended for Windows administrators.
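
The timing flaw mentioned in the key points, shown as an added example (not code from GreyNoise or Microsoft, and not a description of how any RDP portal is implemented): a login path that skips password hashing for unknown usernames does less work than one for valid usernames, and verifying against a dummy record removes that difference. `UserStore`, `login_leaky`, `login_uniform` and `attempt` are hypothetical names, and the user data is constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, kept low so the demo runs quickly


class UserStore:
    """Hypothetical credential store with a leaky and a uniform login path."""

    def __init__(self):
        self.users = {}
        self.kdf_calls = 0  # counts expensive hash operations (a proxy for response time)
        # Dummy record, verified against when the username does not exist.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = self._kdf(os.urandom(16).hex(), self._dummy_salt)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def add(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, self._kdf(password, salt))

    def _verify(self, password, salt, stored):
        self.kdf_calls += 1
        return hmac.compare_digest(self._kdf(password, salt), stored)

    def login_leaky(self, name, password):
        record = self.users.get(name)
        if record is None:
            return False  # early exit: no hashing, so unknown names answer faster
        return self._verify(password, *record)

    def login_uniform(self, name, password):
        record = self.users.get(name)
        salt, stored = record or (self._dummy_salt, self._dummy_hash)
        matched = self._verify(password, salt, stored)  # same work either way
        return matched and record is not None


def attempt(login, store, name, password):
    """Return (login result, number of KDF calls the attempt cost)."""
    before = store.kdf_calls
    result = login(name, password)
    return result, store.kdf_calls - before
```

With the leaky path a failed login costs one hash for an existing account and none for a missing one; with the uniform path both cost one, so the response no longer distinguishes valid usernames.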