Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment.
But here’s the catch: because RDP is accessible over the internet, it’s also a prime target for unethical hackers. If someone gains unauthorized access, they could potentially take over your system. That’s why it’s so important to secure RDP properly.
More than 50 percent of Kaseya’s small and medium-sized businesses (SMBs) and Managed Service Providers (MSPs) customers use RDP for daily operations due to its efficiency and flexibility:
Despite its benefits, RDP’s widespread use makes it an attractive attack vector, requiring constant vigilance to secure properly.
Typically, RDP communicates over port 3389. However, recent security reports – like one from the Shadowserver Foundation in December 2024 – have highlighted a worrying trend. Hackers are now scanning port 1098, an alternative route that many aren’t as familiar with, to find vulnerable RDP systems.
To put this into perspective, honeypot sensors have observed up to 740,000 different IP addresses scanning for RDP services every day, with a significant number of these scans coming from a single country. Attackers use these scans to locate systems that may be misconfigured, weak, or unprotected, and then they can try to force their way in by guessing passwords or exploiting other weaknesses.
For businesses, especially SMBs and MSPs, this means a higher risk of serious issues like data breaches, ransomware infections, or unexpected downtime.
Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. In December 2024, for example, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes targeted a range of issues identified by security experts, ensuring that known weaknesses couldn’t be easily exploited.
Then, in January’s update, two additional critical vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) were patched. Both of these vulnerabilities, if left unaddressed, could allow attackers to remotely execute harmful code on a system without the need for passwords.
RDP exposed to the internet is more often a misconfiguration than an intended configuration. In the last 28,729 external network pentests we have performed, we were able to find 368 instances of RDP exposed to the public internet. On internal networks we have found 490 instances of Bluekeep.
For organizations looking for a proactive method to protect their external and internal networks, tools like vPenTest are invaluable. vPenTest offers:
For the first time in tech history, IT Professionals are now able to execute a real network pentest against the organizations they manage at scale and on a more frequent basis.
For organizations looking for an extra layer of protection, tools like Datto Endpoint Detection and Response (EDR) are invaluable. Datto EDR offers:
This means that with Datto EDR, businesses can enjoy the benefits of RDP while keeping their systems safer from modern threats.
Here are some straightforward tips to help secure your RDP setup:
By taking these steps, you can significantly reduce the risk of your RDP services becoming an entry point for cyberattacks.
RDP is an essential tool that has transformed how businesses operate, enabling remote work and efficient system management. However, as with any powerful tool, it comes with its own set of risks. With attackers now exploring new avenues like port 1098 and continuously finding ways to exploit vulnerabilities, it’s crucial to stay on top of security updates and best practices.
By keeping your systems patched, limiting access, using multi-factor authentication, and employing advanced security solutions like Datto EDR, you can enjoy the flexibility of RDP without compromising your organization’s security.
Stay safe and stay updated!
