Millions of remote desktop accounts are being attacked every week

(Image credit: Microsoft)

Cybercriminals continue to take advantage of the unprecedented number of employees working from home and researchers from Kaspersky have observed a huge spike in attacks targeting users of Microsoft Remote Desktop.

Remote Desktop Protocol (RDP) allows users to easily connect to their work computers at the office while working remotely which has proven quite useful for many during the pandemic. However, if a cybercriminal is able to gain access to RDP on a user's computer, they would have the same permissions and access to data and folders that they do.

According to Kaspersky, organizations around the world have seen increased generic brute-forcing attacks where cybercriminals utilize automated scripts to try countless combinations of passwords and user IDs in an attempt to find working credentials.

The number of brute-force RDP attacks was around 100,000 to 150,000 per day back in January and February of this year. However, at the beginning of March, the number of attacks shot up to almost a million per day.

Brute-force attacks

In a blog post, security research at Kaspersky, Dmitry Galov explained how cybercriminals took advantage of the mass transition to remote working to launch brute-force attacks targeting RDP, saying:

“Attacks of this type are attempts to brute-force a username and password for RDP by systematically trying all possible options until the correct one is found. The search can be based on combinations of random characters or a dictionary of popular or compromised passwords. A successful attack gives the cybercriminal remote access to the target computer in the network. Brute-force attackers are not surgical in their approach, but operate by area. As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks.”

To prevent falling victim to these kinds of attacks, it is recommended that users implement strong passwords and two-factor authentication to protect their accounts. Accessing RDP through a corporate VPN is another security measure that employees working from home can take to secure their remote connections

Via ThreatPost

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.