I have seen these bruteforce attacks a few years ago, where my DSL connection kept intermittently slowing down to the point that I couldn’t stream video. At first I thought my ISP was at fault until I brought up TCPView and saw a large number of connections constantly being made and dropped on port 3389, i.e. a bruteforce attack. The only way I was able to stop these attacks was by changing the port number.
Microsoft has the following guide to changing the remote desktop port number:
Once the port is changed (and router port forwarding configuration), the way you connect is host:port, e.g. if the hostname is username.dyndns.org and the port # is 6921, then you would connect enter username.dyndns.org:6921 for the remote desktop address.