Hackers Targeting RDP Services from 100,000+ IP Addresses
🔎 Cyber Watch 🔎
War Department Rolls Out New Cybersecurity Defense Framework
Hackers Targeting RDP Services from 100,000+ IP Addresses
A new botnet campaign is probing Remote Desktop Protocol (RDP) endpoints at scale. GreyNoise reported that attacks are coming from over 100,000 unique IPs across more than 100 countries — all aiming to exploit RDP infrastructure.
Attackers leverage two main techniques:
RD Web Access timing attack to infer valid usernames by measuring response delays.
RDP login enumeration through systematic login attempts to find weak credentials.
What defenders should do:
Monitor logs for unusual RDP access patterns or spikes in failed attempts.
Use GreyNoise’s “microsoft-rdp-botnet-oct-25” dynamic blocklist to block known malicious IPs.
Enforce strong passwords and adopt multi-factor authentication (MFA) for all RDP users.
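The log-monitoring step above, as an added example (not from the newsletter or GreyNoise): because the campaign is spread across many IPs, it flags time windows by total failed logons and distinct sources rather than by per-IP counts. The CSV layout, thresholds and sample rows are assumptions constructed for illustration; 4625 is the Windows Security event ID for a failed logon.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp,event_id,logon_type,source_ip,username
# (column layout is an assumption; external addresses are documentation ranges).
SAMPLE_LOG = """\
2025-10-13T09:01:10,4625,10,10.0.0.25,jsmith
2025-10-13T09:01:40,4625,10,10.0.0.25,jsmith
2025-10-13T09:02:05,4624,10,10.0.0.25,jsmith
2025-10-13T09:03:00,4625,2,10.0.0.31,kiosk
2025-10-13T09:10:02,4625,3,198.51.100.7,administrator
2025-10-13T09:10:09,4625,3,203.0.113.44,admin
2025-10-13T09:11:15,4625,3,192.0.2.91,backup
2025-10-13T09:12:30,4625,3,198.51.100.130,svc_rdp
2025-10-13T09:13:48,4625,3,203.0.113.201,Administrator
2025-10-13T09:14:55,4625,3,192.0.2.17,test
"""

FAILED_LOGON = "4625"           # Windows Security event ID for a failed logon
RDP_LOGON_TYPES = {"3", "10"}   # 3 = Network (NLA failures, also SMB), 10 = RemoteInteractive

def parse_failures(text):
    """Yield (timestamp, source_ip, username) for failed RDP-style logons."""
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 5:
            continue  # skip blank or malformed rows
        ts, event_id, logon_type, ip, user = fields
        if event_id == FAILED_LOGON and logon_type in RDP_LOGON_TYPES:
            yield datetime.fromisoformat(ts), ip, user.lower()

def find_spikes(text, window=timedelta(minutes=5), max_failures=5, max_sources=3):
    """Flag time windows by total failures or distinct sources, not per-IP counts."""
    buckets = defaultdict(lambda: {"ips": Counter(), "users": set()})
    for ts, ip, user in parse_failures(text):
        start = datetime.min + ((ts - datetime.min) // window) * window
        buckets[start]["ips"][ip] += 1
        buckets[start]["users"].add(user)
    alerts = []
    for start in sorted(buckets):
        ips, users = buckets[start]["ips"], buckets[start]["users"]
        failures = sum(ips.values())
        if failures > max_failures or len(ips) > max_sources:
            alerts.append({"window_start": start.isoformat(), "failures": failures,
                           "sources": len(ips), "usernames": len(users),
                           "max_per_source": max(ips.values())})
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_LOG):
        print(alert)
```

In the sample, no single address fails more than once in the flagged window, so a per-IP lockout threshold alone would not have fired.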
🎙️ Tech Briefing On‑Air 🎙️
Identity, Access, and You
In this episode, Yale’s cybersecurity team breaks down identity and access management (IAM) in a relatable way.
Takeaways:
IAM is more than just passwords — it’s about controlling who can do what and when.
A useful metaphor: IAM = airport security — checking credentials, granting access, preventing threats.
MFA fatigue is becoming real. The podcast explores ways to avoid users getting tired of security prompts.
Practical advice: use unique passwords, MFA, and adopt “least privilege” access principles.
If your team’s IAM sounds like “everyone gets admin,” this is a good listen to rethink access strategies.
🤝 Partner Intel 🤝
Graylog
Graylog started as an open-source log processing tool and has since evolved into a full log management and security monitoring platform. It now offers Graylog Open (free log manager), Graylog Enterprise (paid, hosted), Graylog Security (cloud SIEM for threat detection, alerts, compliance) and Graylog API Security (monitoring and vulnerability scanning for APIs). Graylog Security can ingest logs from multiple sources, correlate events, provide custom alerts, and help with compliance reporting (GDPR, HIPAA, PCI) — all while being more affordable than many traditional SIEMs. Its flexibility, unified operations + security visibility, and scalability make it attractive.
🤖 AI Runtime 🤖
The Perils of AI Browsers
This article examines risks introduced by AI-powered browsers — tools that embed generative AI directly into browser interfaces.

Some concerns raised:
They may inject unwanted content or manipulate web pages in hidden ways.
User privacy becomes more vulnerable: more tracking, more data collection by AI agents.
Attackers might exploit browser-AI integrations to carry out phishing, code injection, or other novel attack vectors.
In short: adding AI into browsers adds power — and risk. Always vet such tools before deployment, watch for unexpected behavior, and separate browsing & sensitive workflows.
📊 By the Numbers 📊
5.5 Million
More than 5.5 million individuals and organizations were directly affected by severe cybersecurity breaches last week.
🗳️ Your Monday Take 🗳️
Cast your vote on our weekly poll.
As more services integrate AI into key workflows (e.g. browser agents, chat UIs, productivity tools), which is the bigger security risk?
📩 We’ll share the results in the Friday issue.
Until Wednesday’s edition - Let’s keep that zero-day count at zero!