Windows Remote Desktop Protocol servers are abused by attackers to amplify DDOS attacks

The Microsoft Remote Desktop Protocol service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure access to Windows servers. Attackers found a way to abuse the new UDP amplification attack vector by targeting Windows servers with RDP enabled on UDP/3389 have an amplification ratio of 85.9:1 and peak at ~750Gbps. According to Netscout advisory, there are 14.000 vulnerable Windows RDP servers that are reachable over the Internet. Read more...