Thanks for the info, guys. Wow, I'm surprised that this isn't something included in ESET. Just seems a bit weird to me, since it detects port scanning and other unusual network traffic... Mind kinda blown, really.
I don't think a lockout policy would help with this particular attack. It looks like credential stuffing, and I haven't seen the same account name attempted twice, although they may circle back through.
I'll look for alternate solutions. I don't think this is particular to RDP, though. Multiple brief connections from IPs across the globe looks suspicious to me, regardless of the port and the attached service.