Port and network scanners allow to find computers with this protocol enabled, and the hackers find out the access data with the so-called “brute-force attacks” to connect to them. They consist of testing all possible combinations until you get the right one, which allows to take complete control of the server and thus to install a ransomware, keylogger, disable security measures…
In order to protect our devices against these attacks it is necessary to take certain security measures. Some are very simple, like using a username and password as long and complicated as possible or disable the Administrator account** so that they can not connect through it.
It will also serve as a security barrier configure users with permission to use this protocol properly, thus preventing third parties from connecting through users who don´t have this feature.
Reducing the number of login attempts before the user account is blocked from the Administration tools will also work as protection against this type of attack.
Finally, changing the port that is used will make it appear that the port is closed, blocked and as if we did not use the RDP protocol, so that in the results of the scanners will appear that we are not using this protocol.
Source: Redes Zone