Attacks on Remote Desktop Protocol have soared

(Image credit: italii Vodolazskyi / Shutterstock)

Cybercriminals’ password-guessing game against Remote Desktop Protocol services has never been this strong, according to ESET. The company has published a report in which they claim to have detected 55 billion new brute-force attacks in the second quarter of the year.

In its “ESET threat report T2 2021”, the company says the number represents a 104% surge in brute-force attacks, compared to the first quarter of 2021. 

Pulling data from its detection systems, ESET said the average number of daily attacks, per unique client, increased “impressively”, doubling from 1,392 attempts per machine, per day, in the first quarter of the year, to 2,756 attempts in the second quarter. RDP access - RDP access - $49.75 $4.98
Save 90% off on Remote Desktop! For only $4.98 for the first year, Get remote desktop access via RDP to up to five Windows computers, laptops, IoT devices and servers.

These password-guessing attacks, ESET further claims, often serve as a “gateway for ransomware”. However, cryptocurrency-related incidents have fallen into a downtrend, the company told The Register. 

Poor follow-up

"Our data suggest a strong connection between cryptocurrency price and cryptocurrency-related attacks – mainly when it comes to cryptomining," Roman Kováč, chief research officer at ESET, told the publication.

There could be multiple reasons why a surge in brute-force attacks wasn’t followed up by a similar surge in ransomware, including the fact that the prices of the most popular cryptocurrencies have been steadily declining since hitting an all-time high in early April.

However, ESET believes that the two high-profile attacks (Colonial Pipeline and the Kaseya incident) drew the attention of law enforcement agencies, which not only shut down a number of ransomware operators (Emotet, for example), but also scared others away, as well.

“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field,” Kováč explained further. “The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features.”

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.