This technique appears to be the preferred method to hack corp. networks based on the recent postings on ransomware infections I have seen. That is RDP brute force attacks. Now for the "good part." When the victims were advised to lock down their RDP ports, the response has been they won't do it lest they block client connections. -EDIT- A specific recent example: https://forum.eset.com/topic/13651-powershell-script-possible-malicious-attack/ http://www.securityweek.com/ransomware-targets-smbs-rdp-attacks