Almost two in three (65%) cyber campaigns targeting small to mid-sized businesses (SMBs) attack one of three popular TCP ports, namely port 22 (SSH, 35%), port 80 (HTTP, 15%) and port 443 (HTTPS, 15%), a new report by Alert Logic found.

The fourth most targeted port is 3389, which is used for Microsoft’s Remote Desktop Protocol (RDP). This year, several critical vulnerabilities were discovered in RDP that put outdated implementations at risk of remote attacks. The flaws include CVE-2019-1181, CVE-2019-1182, and CVE-2019-0708. Alert Logic also discovered that most SMBs put themselves at risk of attacks by using weak encryption (66%) and outdated software (75%).

Read more: Most Cyber Attacks Focus on Just Three TCP Ports