Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment.
But here’s the catch: because RDP is accessible over the internet, it’s also a prime target for unethical hackers. If someone gains unauthorized access, they could potentially take over your system. That’s why it’s so important to secure RDP properly.
Why IT Teams Depend on RDP, Despite the Risks
More than 50 percent of Kaseya’s small and medium-sized businesses (SMBs) and Managed Service Providers (MSPs) customers use RDP for daily operations due to its efficiency and flexibility:
- Reduces Costs and Downtime – IT teams can resolve technical issues remotely, eliminating travel expenses and delays.
- Supports Business Continuity – Employees and administrators can securely access company systems from any location.
- Enables Scalable IT Management – MSPs can oversee multiple client networks from a single interface.
Despite its benefits, RDP’s widespread use makes it an attractive attack vector, requiring constant vigilance to secure properly.
New Concerns: The Rise of Port 1098 Scans
Typically, RDP communicates over port 3389. However, recent security reports – like one from the Shadowserver Foundation in December 2024 – have highlighted a worrying trend. Hackers are now scanning port 1098, an alternative route that many aren’t as familiar with, to find vulnerable RDP systems.
To put this into perspective, honeypot sensors have observed up to 740,000 different IP addresses scanning for RDP services every day, with a significant number of these scans coming from a single country. Attackers use these scans to locate systems that may be misconfigured, weak, or unprotected, and then they can try to force their way in by guessing passwords or exploiting other weaknesses.
For businesses, especially SMBs and MSPs, this means a higher risk of serious issues like data breaches, ransomware infections, or unexpected downtime.
Keeping Up with Security Patches
Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. In December 2024, for example, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes targeted a range of issues identified by security experts, ensuring that known weaknesses couldn’t be easily exploited.
Then, in January’s update, two additional critical vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) were patched. Both of these vulnerabilities, if left unaddressed, could allow attackers to remotely execute harmful code on a system without the need for passwords.
How Kaseya’s vPenTest Proactively Helps Secure RDP & More
RDP exposed to the internet is more often a misconfiguration than an intended configuration. In the last 28,729 external network pentests we have performed, we were able to find 368 instances of RDP exposed to the public internet. On internal networks we have found 490 instances of Bluekeep.
For organizations looking for a proactive method to protect their external and internal networks, tools like vPenTest are invaluable. vPenTest offers:
- Automated Network Pentesting: The platform will perform both external and internal network pentests. IT Professionals are now able to perform the same attacks as an attacker against the networks they manage to proactively protect them and test security controls.
- Multi-Tenant: The platform is purpose built for the multi-functional IT Team juggling multiple tasks. IT Professionals are able to manage all pentest engagements for multiple companies within the platform.
- Detailed Reporting and Dashboard: vPenTest will generate a set of reports including an Executive Summary and a very detailed Technical Report. The platform also has a dashboard for each assessment so IT Professionals can quickly review findings, recommendations and affected systems.
For the first time in tech history, IT Professionals are now able to execute a real network pentest against the organizations they manage at scale and on a more frequent basis.
How Datto EDR Helps Secure RDP
For organizations looking for an extra layer of protection, tools like Datto Endpoint Detection and Response (EDR) are invaluable. Datto EDR offers:
- Real-Time Threat Detection: It monitors RDP traffic for unusual behavior—like unexpected access attempts or strange port usage—and raises alerts if something seems off.
- Automated Responses: When suspicious activity is detected, the system can automatically block or isolate the threat, stopping potential breaches in their tracks.
- Detailed Reporting: Comprehensive logs and reports help administrators understand what happened during an incident, so they can strengthen their defenses for the future.
This means that with Datto EDR, businesses can enjoy the benefits of RDP while keeping their systems safer from modern threats.
Practical Tips to Lock Down RDP
Here are some straightforward tips to help secure your RDP setup:
- Timely Patching: Always install updates as soon as they’re available. Vendors frequently release patches to address new vulnerabilities.
- Limit Exposure: Restrict RDP access to trusted personnel only and consider changing the default port (3389) to something less predictable.
- Use Multi-Factor Authentication: Adding extra steps for verification (like MFA and Network Level Authentication) makes it much harder for attackers to gain access.
- Enforce Strong Passwords: Ensure that passwords are complex and meet a minimum length requirement to help thwart brute-force attacks.
By taking these steps, you can significantly reduce the risk of your RDP services becoming an entry point for cyberattacks.
RDP Isn’t Going Away—But Security Needs to Improve
RDP is an essential tool that has transformed how businesses operate, enabling remote work and efficient system management. However, as with any powerful tool, it comes with its own set of risks. With attackers now exploring new avenues like port 1098 and continuously finding ways to exploit vulnerabilities, it’s crucial to stay on top of security updates and best practices.
By keeping your systems patched, limiting access, using multi-factor authentication, and employing advanced security solutions like Datto EDR, you can enjoy the flexibility of RDP without compromising your organization’s security.
Stay safe and stay updated!
