Top passwords used in RDP brute-force attacks

Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Password Protection Service, which now includes over 3 billion unique compromised passwords.

RDP over TCP Port 3389 is a popular way to provide IT teams remote network access to remote workers. While attacks on RDP ports grew during the COVID-19 pandemic as a result of the rise of remote work, the port has continued to be a popular attack method for criminals despite many workers returning to the office. Password-related attacks continue to top the list of attack methods, with recent research finding brute force password guessing accounts for 41% of all intrusion vectors.

In an analysis of over 4.6 million passwords collected in October 2022 from Specops Software’s honeypot system, the most common base terms found in passwords used to attack TCP Port 3389 included:

• Password
• p@ssw0rd
• Welcome
• admin
• Passw0rd
• p@ssword
• pa$$w0rd
• qwerty
• User
• test

Additionally, an analysis of port attack data including the RDP port and others revealed several password patterns, with more than 88% containing 12 characters or less, nearly 24% containing just 8 characters, and just under 19% containing only lowercase letters.

“Weak passwords continue to leave organizations vulnerable to attacks on RDP ports and other systems, but it doesn’t have to be this way,” said Darren James, Head of Internal IT, Specops Software. “It is imperative that organizations adopt stronger password policies, such as requiring longer passphrases, introducing length-based password aging, and blocking compromised passwords.”