Do you know if you are exposing RDP to the internet? Time to head over to shodan to see if they see you…:
Security researchers are watching a new botnet, GoldBrute, which is currently brute-forcing a list of roughly 1.5 million remote desktop protocol (RDP) servers exposed online. The ongoing campaign is one of many scanning for vulnerable servers and using weak or reused passwords to access them.
RDP has been making headlines since Microsoft disclosed “BlueKeep,” a remote code execution vulnerability that includes RDP in its attack chain. But botnets have been hunting vulnerable RDP servers for years, explains Renato Marinho, chief research officer at Morphus Labs, in a blog post. GoldBrute uses its own list, which it continues to build as it scans for credentials.