Why it’s important to secure your Virtual Machines

Ever wondered what would happen if you accidentally created a VM with a Public IP without any additional security measures in place? Well, I thought I would give it a go over the weekend, and the results were rather interesting.

It’s worth noting that I am only looking at failed RDP requests. I am not counting any other scans or attempts to access the VM.

For the test, I used an isolated environment. I created a Windows 2019 Datacenter VM with a public IP address; I removed the NSG and allowed ICMP on the VM’s firewall. I wanted to make the VM as easy as possible to find. I ran the VM for about 30 hours in total.

During this time, I had a total of 11602 Failed Login Attempts.

I was interested to see what usernames the bad actors were attempting to use; as you can see below, Administrator and similar names are still the most popular.

Some of the less common usernames included:


I exported the IP addresses and used the IP Geolocation lookup to see where the attempted access originated; as you can see, most of it is from the usual suspects.

Microsoft offers numbers security features to prevent this, which include:

I must admit this was a bit of fun, but on a serious note, make sure you have the necessary security in place. It’s a scary world we live in.