SAN FRANCISCO, Nov. 18, 2019 – Expanse, the leader in Internet Operations Management for IT and Security, today unveiled new findings from a study conducted with 451 Research that found a startling prevalence of exposed Remote Desktop Protocol (RDP) instances on the networks of Fortune 500 companies. When an RDP server is exposed on the Internet, it increases the likelihood that attackers will find and attempt to breach it. Attackers can sometimes even use RDP servers as an entry point to gain unauthorized access to other parts of corporate networks. Recent news showing that attackers have exploited the BlueKeep vulnerability on RDP servers make it critical that organizations know which RDP servers they have online, and have either removed them from the Internet or taken steps to mitigate the risk.
Over the course of a two-week research period in 2019, Expanse researchers found that 53.4 percent of the Fortune 500 had at least one RDP exposure. Alarmingly, Expanse found that those in the seemingly most technologically sophisticated and well-funded industries had at least one RDP exposure. For example, 75 percent of aerospace and defense, 74.4 percent of technology, 55 percent of business services, and 51.2 percent of financial services organizations had at least one RDP exposure in the time period examined. Expanse also found that companies with a higher reported IT spend were not any less likely to have at least one RDP exposure than those with a low IT spend, showing that higher IT spending does not indicate that a company is more protected from having an RDP exposure.
“These findings should be a wake-up call for Fortune 500 companies on the importance of knowing their global Internet attack surface,” said Matt Kraning, CTO and co-founder of Expanse. ”The risks posed by RDP vulnerabilities like BlueKeep are severe, and it’s critical that the world’s largest and most complex organizations know what assets they have exposed to the Internet. We hope this research will help large enterprises understand the breadth of the security challenges facing them so they can take action before it’s too late.”
“We’ve reviewed data that shows a startling prevalence of RDP exposures in some of the world’s leading organizations,” said Eric Hanselman, Chief Analyst at 451 Research and author of the report. “It’s critical that companies know what devices and services they have exposed to the Internet and take steps to proactively manage their risk profile.”
Organizations today face a myriad of challenges discovering, monitoring, and securing the devices and infrastructure they have exposed on the Internet. Asset management and security tools can help organizations manage and secure Internet Assets that they already know about. However, it can be challenging to discover and secure unknown assets that have been deployed outside of managed processes.
To address this business-critical situation, Expanse Expander helps organizations discover and track all of their known and unknown Internet Assets. Expanse Behavior provides a complete, outside-in view of risky communications associated with those assets. Expanse Link enables global organizations to manage their strategic suppliers by accurately identifying and managing their Internet Assets and risks. These solutions make up the Expanse Internet Operations Management Platform and are pivotal in helping the world’s leading organizations manage and secure their global Internet attack surface, on-premise and in the cloud.
About the Report:
The data in this study was derived from the Expanse Internet Operations Management Platform, which continuously collects and correlates petabytes of active and passive data on every system connected to the public internet using a globally distributed, dynamically changing sensor network. This study examined RDP exposures associated with all Fortune 500 companies over a two-week period in April 2019. Researchers also examined the prevalence of RDP exposures across industries, as well as the relationship between IT spending as a percentage of company revenue and RDP exposures. The analysis of the Expanse data set should be of great interest to organizations looking to improve their cybersecurity posture and reduce the risks associated with unknown exposures on their network. The full research report can be downloaded here.