According to Kaspersky’s telemetry, when the most of world went into lockdown in March 2020, brute force attacks against RDP (remote desktop protocol) skyrocketed from 93.1 million (globally) in February 2020 to 277.4 million 2020 in March, that is a 197% increase.
From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November.
“On a daily average, our solutions foiled almost 600,000 RDP brute force attacks here in Southeast Asia last year. Our latest numbers also showed that cybercriminals are not interested in taking a break. In the first two months of 2021, we have already detected more than 65 million attempts to exploit this remote working tool which is 30% of 2020’s total incidents,” said Chris Connell, managing director for Asia Pacific at Kaspersky.
Advanced threat actors in APAC target government, military entities in cyber espionage campaign
Kaspersky discovers 23% of online users always allow apps access to microphones, webcams
Kaspersky’s telemetry showed a trend — a slow but steady increase in the number of attacks against RDP being used in the Southeast Asian (SEA) region, hitting the highest in the month of September 2020 with 31,019,009 brute force attacks. Overall, the global cybersecurity company blocked a total of 214,054,408 RDP exploits in SEA.
Many employees working remotely are connected to computers running Windows or simply put, they use RDP. It enables not only interaction with desktop elements, but also access to other device resources. RDP was conceived as a remote administration tool but is often used by intruders to penetrate the target computer. By exploiting incorrectly configured RDP settings or system software vulnerabilities, cybercriminals can intercept an RDP session and log in to the system with the victim’s permissions.
RDP is perhaps the most popular remote desktop protocol and is used to access Windows workstations or servers. After the switch to remote work, brute force attacks against this protocol skyrocketed. In a brute-force attack, attackers test different usernames and passwords until the correct combination is found and they gain access to the corporate resources.
Brute-force attacks
In February 2021, nearly one year from the start of the pandemic, there were 377.5 million brute-force attacks, which is a far cry from the 93.1 million witnessed at the beginning of 2020.
“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” Dmitry Galov, security expert at Kaspersky. “That means it is likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. (The year) 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”
In the Philippines, the highest number of attempted attacks against RDP was recorded in August 2020 (1,306,318). A total of 6,979,713 attacks against RDP in the country were blocked by Kaspersky in 2020.
“The sheer number of attacks we’ve identified and we continue to monitor paints a worrying picture of the increasing vulnerability employees working from home are exposed to,” Connell said. “The pandemic’s second and third waves are still happening, unfortunately, so we see that remote work is here to stay at least for a long while. We call on business owners, from the largest enterprises to small and medium businesses, to consider putting up basic endpoint solutions and utilize adaptive training to repel these malicious attempts online.”
KEDRO
Understanding the financial challenges being faced by small businesses in SEA, Kaspersky is currently offering discounts for its latest Kaspersky Endpoint Detection and Response Optimum (KEDRO) solution.
The promo for this comprehensive tool stands for new and existing customers valid on 10-999 nodes across the region until June 30, 2021. Customers can get up to 33% in savings for a 1-year license, and up to 40% for three years.
Interested SMB owners can find out more about this promo here.
Categories: Cybersecurity