October 12, 2021

How do hackers find vulnerable computers in the global network?

Exactly one week ago, RDP was enabled on a Windows 10 PC at our office. One week passed and that PC was infected with **ransomware**. So, how do these guys find PCs like this one in the global network?



Bots are constantly scanning every public IP around the clock. Just watch the access logs and the number of requests that will come in unsolicited; it’s insane. In addition to bots, there are tools like Shodan which are publicly available and actively scan and report on all IPs and their suspected vulnerabilities. This is the nature of an open internet. From an attacker’s standpoint, it’s a numbers game: if I assume .001% of machines are poorly configured, then I only need to scan 100,000 IPs to find a vulnerability.




Nmap scanning of random IPs might be a start.


Scanning the world themselves.

Or services like shodan.io

One week is 5 days longer than I would have given it…


Shodan.io is a great source too


It takes more than just enabling RDP on a PC. They would still need a way through your perimeter. Was RDP exposed to the internet at the firewall?


Sounds like someone left the firewall off on the pc.
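
An added example, not part of the original thread: the replies above suggest watching the logs and ask whether RDP was reachable from the internet, and the sketch below answers both from a Windows Defender Firewall log (`pfirewall.log`). It assumes firewall logging of dropped packets and successful connections has been turned on; the sample log is constructed, and the function names and the list of internal ranges are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the pfirewall.log layout; addresses are RFC 1918 and
# RFC 5737 documentation ranges, not real observations.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2021-10-05 09:14:02 ALLOW TCP 192.168.1.33 192.168.1.20 50211 3389 0 - 0 0 0 - - - RECEIVE
2021-10-05 11:02:47 ALLOW TCP 203.0.113.45 192.168.1.20 51522 3389 0 - 0 0 0 - - - RECEIVE
2021-10-05 11:02:49 ALLOW TCP 203.0.113.45 192.168.1.20 51530 3389 0 - 0 0 0 - - - RECEIVE
2021-10-05 13:40:10 ALLOW TCP 198.51.100.7 192.168.1.20 40112 3389 0 - 0 0 0 - - - RECEIVE
2021-10-05 13:41:55 DROP TCP 198.51.100.99 192.168.1.20 40990 3389 52 S 0 0 0 - - - RECEIVE
2021-10-05 13:42:03 DROP TCP 203.0.113.45 192.168.1.20 51601 445 52 S 0 0 0 - - - RECEIVE
2021-10-05 14:00:00 ALLOW TCP 192.168.1.20 192.168.1.50 49800 3389 0 - 0 0 0 - - - SEND
"""

# Assumption: these ranges are what counts as "inside" for this office.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def external_rdp_hits(log_text, port=3389):
    """Count inbound TCP hits on `port` from outside, keyed by (src IP, action)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("path"), rec.get("protocol"), rec.get("dst-port")) != ("RECEIVE", "TCP", str(port)):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except (KeyError, ValueError):
            continue                       # skip malformed lines
        if not any(src in net for net in INTERNAL):
            hits[(str(src), rec["action"])] += 1
    return hits

def exposed_sources(hits):
    """External sources the firewall ALLOWed: RDP was reachable from these."""
    return sorted(ip for (ip, action) in hits if action == "ALLOW")

if __name__ == "__main__":
    hits = external_rdp_hits(SAMPLE_LOG)
    print(dict(hits), exposed_sources(hits))
```

An `ALLOW` entry from a public address means the connection got through both the perimeter and the host firewall; a `DROP` entry means the scan arrived but the host firewall blocked it.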
