Exclusive: Over half of Fortune 500 exposed to remote access hacking

What is RDP: RDP is a way of offering virtual access to a single computer. It allows, for example, an IT staffer in one office to provide tech support for a baffled user in a different office.

• But RDP is best used over a secured network rather than over the open internet.
• "We compare exposed RDP to leaving a computer attached to your network out on your lawn," Matt Kraning, co-founder and CTO of Expanse, told Axios.
• It's an opinion shared by experts at McAfee and Sophos, who note that in the absence of multifactor authentication, the protocol can often be hacked into with only a few hours guessing common passwords.
• Even in ideal circumstances, when passwords are strong, a malicious actor could overwhelm an RDP connection with traffic (known as a DDoS attack).

What they found: The Expanse/451 study found that 53.4% of Fortune 500 companies had an RDP exposure over a two-week period scanning for open RDP ports.

• The technical sophistication of the companies didn't seem to have much impact on RDP exposures. For example, around 80% of hospitality industry companies and just under 80% of defense and aerospace companies had at least one exposure, even though defense and aerospace are among the most security-conscious sectors.
• Cybersecurity budget, either as a percentage of the annual budget or total spending, also had no consistent effect on exposure. By percentage of budget, 43% of companies in the lowest-spending quartile had exposures, compared to 53% of those in the top spending quartile.

The bottom line: The threat of RDP exposures often fly under the radar. "IT staffs are really good at looking at what they know about, but not at what they don’t," said Kraning.

• "If Fortune 500 companies have exposures, what chance do smaller companies have," he added.

Go deeper:

• Iranian nationals indicted for SamSam ransomware campaign
• You can buy RDP access to major airport's security system for $10 on the dark web