Why it’s important to secure your Virtual Machines

Ever wondered what would happen if you accidentally created a VM with a Public IP without any additional security measures in place? Well, I thought I would give it a go over the weekend, and the results were rather interesting.

It’s worth noting that I am only looking at failed RDP requests. I am not counting any other scans or attempts to access the VM.

For the test, I used an isolated environment. I created a Windows 2019 Datacenter VM with a public IP address; I removed the NSG and allowed ICMP on the VM’s firewall. I wanted to make the VM as easy as possible to find. I ran the VM for about 30 hours in total.

During this time, I had a total of 11602 Failed Login Attempts.

I was interested to see what usernames the bad actors were attempting to use; as you can see below, Administrator and similar names are still the most popular.

Some of the less common usernames included:

Recepcao, qaz889, skytek, w, P@ssword123!
0022, jyp, mysql, emill, Auditor
21, 2z6pqi3, faturamento, Staff, PURCHASING
camp, PRAXIS, test123, 17, SUPPORT_388945a0

I exported the IP addresses and used the IP Geolocation lookup to see where the attempted access originated; as you can see, most of it is from the usual suspects.
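To reproduce this kind of tally on your own VM, here is an added example (not the script used for this post) that counts failed remote logons per username and per source IP from the XML form of Security log events. It assumes the failures are recorded as event ID 4625 with logon type 3 or 10; the sample events and the `tally_failed_logons` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(user, ip, logon_type, event_id=4625):
    """Build one minimal, constructed Security event in Windows event XML form."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="LogonType">{logon_type}</Data>'
        f'<Data Name="IpAddress">{ip}</Data></EventData></Event>'
    )

# Constructed sample data (documentation IP ranges), not taken from the post.
SAMPLE = "<Events>" + "".join([
    _event("Administrator", "203.0.113.7", 3),
    _event("ADMINISTRATOR", "203.0.113.7", 3),
    _event("admin", "198.51.100.22", 10),
    _event("Staff", "198.51.100.22", 3),
    _event("svc_backup", "-", 5),                              # local service failure
    _event("Administrator", "203.0.113.7", 3, event_id=4624),  # successful logon
]) + "</Events>"

# Assumption: 3 = network logon (RDP with NLA), 10 = RemoteInteractive (RDP without NLA).
REMOTE_LOGON_TYPES = {"3", "10"}

def tally_failed_logons(xml_text):
    """Return (total, Counter of usernames, Counter of source IPs) for failed remote logons."""
    users, sources = Counter(), Counter()
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue  # only failed logons
        data = {d.get("Name"): (d.text or "") for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("LogonType") not in REMOTE_LOGON_TYPES:
            continue  # skip local, service and batch failures
        users[data.get("TargetUserName", "").lower()] += 1  # account names are case-insensitive
        sources[data.get("IpAddress", "-")] += 1
    return sum(users.values()), users, sources

if __name__ == "__main__":
    total, users, sources = tally_failed_logons(SAMPLE)
    print(f"{total} failed remote logons")
    for name, n in users.most_common(5):
        print(f"  user {name!r}: {n}")
    for ip, n in sources.most_common(5):
        print(f"  source {ip}: {n}")
```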

Microsoft offers numerous security features to prevent this, which include:

I must admit this was a bit of fun, but on a serious note, make sure you have the necessary security in place. It’s a scary world we live in.
