One cybersecurity firm’s 2023 incident metrics showed that VNC and RDP were the remote desktop tools most targeted by malicious actors
In analyzing the cyber threats handled across its user protection ecosystem over the past year, a cybersecurity firm has identified several trends in attacks on remote desktop tools.
The 2023 metrics showed that cross-platform Virtual Network Computing (VNC) tools accounted for 98% of the traffic across all remote desktop-specific ports, and that VNC was the most targeted remote desktop tool. Around 60% of attack attempts were found to have originated from China.
The next most targeted tool in the firm’s data was the Remote Desktop Protocol (RDP) by Microsoft, accounting for about 1.6% of the attempted attacks detected. It appears that larger attacks against networks and data were more likely to involve RDP than VNC.
Other remote desktop tools targeted by attackers in the firm’s protection ecosystem included TeamViewer, Independent Computing Architecture, AnyDesk, and Splashtop Remote.
According to Jonathan Tanner, Senior Security Researcher, Barracuda, the firm that disclosed its 2023 threat trends: “Remote desktop solutions are useful and popular business tools that allow employees to connect into their computer network from wherever they are. Unfortunately, they are also a prime target for cyberattacks. (With so many) different tools available — each using different and sometimes several virtual connection points or ports — it is harder for IT security teams to monitor for malicious connections and subsequent intrusion. Standardizing on one remote desktop solution across the organization will enable the IT team to focus resources on managing, monitoring, and securing the associated ports, blocking other traffic.”
The firm also recommends implementing defence-in-depth security solutions that can spot suspicious port traffic across the network. This should be complemented by robust security policies and programs, such as restricting remote service access to those who need it, using secure connections such as a VPN, and regularly updating software with the latest patches. Authentication methods should include the use of strong passwords, with multifactor authentication (MFA) as a minimum, ideally moving to a zero trust approach.