Windows 11 now has its Account Lockout Policy activated by default in a bid to cut down on Remote Desktop Services attacks
In an effort to reduce Remote Desktop Services attacks, Microsoft has confirmed that the Account Lockout Policy is now enabled by default in Windows 11. The functionality, which automatically locks down Windows accounts after 10 consecutive failed login attempts, was added in a recent security update that was made available with Windows 11 Insider Preview builds 22528.1000 and newer, the company said. There is a 10-minute lockout. In a brute-force assault, a threat actor tries an endless number of login credential combinations until one of them succeeds. Microsoft hopes that this change will help put an end to the practice.
Cybercriminals use Remote Desktop Services as a very common attack method. According to the FBI, the Remote Desktop Protocol (RDP) is the starting point for 70 to 80 percent of network breaches that lead to ransomware attacks. The COVID-19 pandemic only made matters worse because, according to Kaspersky, there was a sharp increase in attacks against RDP users in 2020.
RDP makes it simple for individuals to connect to their corporate computers while working remotely, which has come in handy for many people during the pandemic. However, if a cybercriminal is successful in gaining access to RDP on a user’s PC, they will have the same rights and access to information as they do. This will enable them to, for example, install and turn off the antivirus software on the compromised endpoint (opens in a new tab).
At the time, Kaspersky claimed that businesses all around the world have experienced a spike in generic brute-forcing assaults, in which thieves use automated scripts to try innumerable password and user ID combinations in an effort to obtain valid credentials. Users of Windows 10 already have access to this functionality, but users must first activate it, leaving vulnerable systems with default configurations. Administrators can enable the feature in the Group Policy Management Console if they are interested.