There has been a lot of buzz about BlueKeep, a remote, wormable vulnerability in the Windows RDP protocol. Adding to the great article by my colleague Mike Mastrole about protecting RDP servers from unauthorized network access, Sophos has just published some research on how vulnerable those servers might be to brute-force attacks.

The research shows how quickly RDP servers were targeted: anywhere from less than 2 minutes to 15 hours, probably depending on the network range.

They also received 4.3 million login attempts. While it may seem obvious, the conclusion makes a lot of sense: do not leave any RDP server open to the internet, turn off unneeded RDP access wherever possible, and segment off access to it.