Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.
Link to original article
No wonder. Considering how many of them are exposed.
Yes. Simply enabling RDP publicly on a machine with no overarching security controls such as federation to an IDP, or at the very least, 2FA to protect the login is simply asking for trouble.