"Human Involvement Behind Remote Desktop Protocol Brute-Force Attacks" by Andréanne Bergeron
Andréanne Bergeron's research reveals the human side of remote desktop protocol (RDP) brute-force attacks, including the use of public proxies, human-like behavior, and automation to evade detection and compromise systems.
- Andréanne Bergeron’s research reveals that human involvement is a crucial aspect of remote desktop protocol (RDP) brute-force attacks.
- Attackers often use proxies to hide their identities and locations, but many are using public proxies or even residential IP addresses.
- The majority of attackers are not successful, with an average of 50 attempts before giving up.
- Human-like behavior is observed in the attack patterns, with attackers often pausing between attempts and reusing successful combinations.
- The use of automated tools is common, but humans are also involved in the attack process, making it harder to detect and defend against.
- Attackers are collecting information about target systems, including user names and passwords, to increase the chances of success.
- The study found that the 12 most tried user names and the 12 most tried passwords are commonly used by attackers.
- The use of strong passwords, password rotation, and account lockout policies can help prevent successful attacks.
- Andréanne suggests that the use of human-like behavior in attacks may be a way to evade detection, and that attackers may be trying to mimic human behavior to avoid being blocked.
- The study also found that attackers are using various tools and techniques to evade detection, including the use of VPNs and the creation of fake user accounts.
- The results of the study highlight the importance of monitoring and analyzing attack patterns to better understand the tactics and techniques used by attackers.
- Andréanne concludes that attackers are using a combination of human and automated techniques to compromise RDP systems, and that defenders must be prepared to detect and respond to these types of attacks.
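
The pauses between attempts and the monitoring of attack patterns noted in the list above can be examined per source address by looking at the spacing of failed logons. The following is an added example, not code from the talk or the study; the event layout, label names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample, not data from the study: failed RDP logons as
# (timestamp, source IP). In practice these would be parsed from the
# host's failed-logon events (assumed source: Windows event ID 4625).
BASE = datetime(2024, 1, 1, 12, 0, 0)
OFFSETS = {                      # seconds after BASE for each attempt
    "192.0.2.10":   [0, 1, 2, 3, 4, 5],       # fast and evenly spaced
    "198.51.100.7": [0, 7, 45, 52, 190],      # bursts separated by pauses
    "203.0.113.5":  [0, 30, 60, 90, 120],     # slow but evenly spaced
    "192.0.2.99":   [0, 400],                 # too few attempts to judge
}
SAMPLE_EVENTS = [(BASE + timedelta(seconds=s), ip)
                 for ip, offs in OFFSETS.items() for s in offs]


def classify_sources(events, min_attempts=4, fast_gap=2.0, jitter_cv=0.5):
    """Label each source IP by the pacing of its failed logons.

    Thresholds are illustrative assumptions, not values from the talk.
    Returns {ip: (label, attempts, mean_gap_seconds)}.
    """
    by_src = defaultdict(list)
    for ts, ip in events:
        by_src[ip].append(ts)

    report = {}
    for ip, times in by_src.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) < min_attempts:
            report[ip] = ("insufficient-data", len(times), None)
            continue
        avg = mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean.
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv >= jitter_cv:
            label = "irregular-pacing"   # pauses between attempts
        elif avg <= fast_gap:
            label = "machine-paced"      # fast, regular: plain automation
        else:
            label = "slow-regular"       # throttled automation, under rate limits
        report[ip] = (label, len(times), round(avg, 1))
    return report


if __name__ == "__main__":
    for ip, row in classify_sources(SAMPLE_EVENTS).items():
        print(ip, *row)
```

Irregular pacing does not prove a human operator, since tools can randomize their delays; it marks sources worth reviewing that an attempts-per-minute threshold alone would miss.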