Cybercriminals continue to take advantage of the unprecedented number of employees working from home and researchers from Kaspersky have observed a huge spike in attacks targeting users of Microsoft Remote Desktop.
Remote Desktop Protocol (RDP) allows users to easily connect to their work computers at the office while working remotely which has proven quite useful for many during the pandemic. However, if a cybercriminal is able to gain access to RDP on a user's computer, they would have the same permissions and access to data and folders that they do.
According to Kaspersky, organizations around the world have seen increased generic brute-forcing attacks where cybercriminals utilize automated scripts to try countless combinations of passwords and user IDs in an attempt to find working credentials.
- Remote working sees one in five adopt new technology
- Half of remote workers feel vulnerable to growing cyberattacks
- These are the best business VPN providers
The number of brute-force RDP attacks was around 100,000 to 150,000 per day back in January and February of this year. However, at the beginning of March, the number of attacks shot up to almost a million per day.
Brute-force attacks
In a blog post, security research at Kaspersky, Dmitry Galov explained how cybercriminals took advantage of the mass transition to remote working to launch brute-force attacks targeting RDP, saying:
“Attacks of this type are attempts to brute-force a username and password for RDP by systematically trying all possible options until the correct one is found. The search can be based on combinations of random characters or a dictionary of popular or compromised passwords. A successful attack gives the cybercriminal remote access to the target computer in the network. Brute-force attackers are not surgical in their approach, but operate by area. As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks.”
To prevent falling victim to these kinds of attacks, it is recommended that users implement strong passwords and two-factor authentication to protect their accounts. Accessing RDP through a corporate VPN is another security measure that employees working from home can take to secure their remote connections
- We've also highlighted the best remote desktop software
Via ThreatPost
