Microsoft’s Remote Desktop Protocol (RDP) is a cutting-edge technology that enables users to access and control another computer over a network, effectively allowing them to have their office computer with them wherever they go. For businesses, this translates to IT staff being able to manage systems remotely and employees being able to work from home or anywhere, making RDP a true game-changer in today’s work environment.

However, the fact that RDP is accessible over the internet also makes it a prime target for unethical hackers. If someone gains unauthorized access, they could potentially take control of the system. Therefore, it is crucial to secure RDP properly.

The Reliance of IT Teams on RDP, Despite the Risks

Over 50 percent of Kaseya’s small and medium-sized businesses (SMBs) and Managed Service Providers (MSPs) customers utilize RDP for daily operations due to its efficiency and flexibility:

• Cost and Downtime Reduction – IT teams can resolve technical issues remotely, eliminating travel expenses and delays.
• Business Continuity Support – Employees and administrators can securely access company systems from any location.
• Scalable IT Management Enablement – MSPs can oversee multiple client networks from a single interface.

Despite its benefits, RDP’s widespread use makes it an attractive attack vector, requiring constant vigilance to secure properly.

New Concerns: The Rise of Port 1098 Scans

Typically, RDP communicates over port 3389. However, recent security reports, such as one from the Shadowserver Foundation in December 2024, have highlighted a worrying trend. Hackers are now scanning port 1098, an alternative route that many are not familiar with, to find vulnerable RDP systems.

To put this into perspective, honeypot sensors have observed up to 740,000 different IP addresses scanning for RDP services every day, with a significant number of these scans coming from a single country. Attackers use these scans to locate systems that may be misconfigured, weak, or unprotected, and then attempt to force their way in by guessing passwords or exploiting other weaknesses.

For businesses, especially SMBs and MSPs, this means a higher risk of serious issues like data breaches, ransomware infections, or unexpected downtime.

Staying Up-to-Date with Security Patches

Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. In December 2024, for example, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes targeted a range of issues identified by security experts, ensuring that known weaknesses couldn’t be easily exploited.

Then, in January’s update, two additional critical vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) were patched. Both of these vulnerabilities, if left unaddressed, could allow attackers to remotely execute harmful code on a system without the need for passwords.

How Kaseya’s vPenTest Proactively Helps Secure RDP and More

RDP exposed to the internet is often a misconfiguration rather than an intended configuration. In the last 28,729 external network pentests performed, 368 instances of RDP exposed to the public internet were found. On internal networks, 490 instances of Bluekeep were discovered.

For organizations seeking a proactive method to protect their external and internal networks, tools like vPenTest are invaluable. vPenTest offers:

• Automated Network Pentesting: The platform performs both external and internal network pentests, allowing IT professionals to proactively protect and test security controls by simulating attacks against the networks they manage.
• Multi-Tenant: The platform is designed for multi-functional IT teams juggling multiple tasks, enabling them to manage all pentest engagements for multiple companies within the platform.
• Detailed Reporting and Dashboard: vPenTest generates a set of reports, including an Executive Summary and a detailed Technical Report, and features a dashboard for each assessment, allowing IT professionals to quickly review findings, recommendations, and affected systems.

For the first time in tech history, IT professionals can execute real network pentests against the organizations they manage at scale and on a more frequent basis.

How Datto EDR Helps Secure RDP

For organizations seeking an extra layer of protection, tools like Datto Endpoint Detection and Response (EDR) are invaluable. Datto EDR offers:

• Real-Time Threat Detection: It monitors RDP traffic for unusual behavior, such as unexpected access attempts or strange port usage, and raises alerts if something seems off.
• Automated Responses: When suspicious activity is detected, the system can automatically block or isolate the threat, stopping potential breaches in their tracks.
• Detailed Reporting: Comprehensive logs and reports help administrators understand what happened during an incident, allowing them to strengthen their defenses for the future.

This means that with Datto EDR, businesses can enjoy the benefits of RDP while keeping their systems safer from modern threats.

Practical Tips to Lock Down RDP

Here are some straightforward tips to help secure your RDP setup:

• Timely Patching: Always install updates as soon as they are available, as vendors frequently release patches to address new vulnerabilities.
• Limit Exposure: Restrict RDP access to trusted personnel only and consider changing the default port (3389) to something less predictable.
• Use Multi-Factor Authentication: Adding extra steps for verification, such as MFA and Network Level Authentication, makes it much harder for attackers to gain access.
• Enforce Strong Passwords: Ensure that passwords are complex and meet a minimum length requirement to help thwart brute-force attacks.

By taking these steps, you can significantly reduce the risk of your RDP services becoming an entry point for cyberattacks.

RDP Isn’t Going Away—But Security Needs to Improve

RDP is an essential tool that has transformed how businesses operate, enabling remote work and efficient system management. However, as with any powerful tool, it comes with its own set of risks. With attackers now exploring new avenues like port 1098 and continuously finding ways to exploit vulnerabilities, it’s crucial to stay on top of security updates and best practices.

By keeping your systems patched, limiting access, using multi-factor authentication, and employing advanced security solutions like Datto EDR, you can enjoy the flexibility of RDP without compromising your organization’s security.

Stay safe and stay updated!