Kaspersky, a global cybersecurity company, revealed it blocked more than 23 million brute-force attacks targeting businesses in Southeast Asia (SEA) during the first half of 2024. These attacks exploited weak passwords and vulnerable systems to gain unauthorized access.
Brute-force attacks systematically test possible passwords to find the correct combination. If successful, cybercriminals can access sensitive data, spread malware, or take control of systems for harmful purposes. Between January and June, Kaspersky’s business-to-business solutions detected and stopped 23,491,775 instances of Bruteforce.Generic.RDP (Remote Desktop Protocol) attacks in the region.
Vietnam, Indonesia, and Thailand recorded the highest number of incidents, with over 8.4 million, 5.7 million, and 4.2 million attacks, respectively. Other countries, such as the Philippines, Singapore, and Malaysia, also faced significant activity, ranging from 1 million to over 2 million attempts.
“These attacks remain a concern because many organizations still use weak passwords,” said Yeo Siang Tiong, general manager for Southeast Asia, Kaspersky. “Without multi-factor authentication and proper configuration of Remote Desktop Protocol settings, businesses increase their exposure to these threats.”
Artificial intelligence
RDP, a Microsoft tool that allows users to access computers remotely, is commonly targeted in brute-force attacks. Once attackers crack an RDP login, they can control systems and access critical information.
“Cybercriminals are now leveraging artificial intelligence (AI) to automate and enhance these attacks, making them faster and more efficient,” Yeo said. “Organizations risk data breaches, operational disruptions, and financial losses from downtime, recovery, and regulatory penalties if their systems are compromised.”
Kaspersky encourages businesses to strengthen their defenses by using strong passwords, enabling multi-factor authentication, and regularly reviewing their RDP settings.