The number of attacks abusing Remote Desktop Protocol (RDP) to compromise corporate environments has increased dramatically in recent months, Kaspersky reports.
As employees around the world have been forced to work from home as a result of the current COVID-19 pandemic, corporate traffic has increased significantly, as has the use of third-party services to maintain communication and team effectiveness.
In addition, organisations have been forced to make additional systems reachable from the Internet to give their employees remote access, and cyber criminals have already taken advantage of this situation.
According to Kaspersky, the number of brute-force attacks on RDP has increased dramatically worldwide. At the beginning of March, the security company observed hundreds of thousands of attack attempts per country per day, but by the end of the month this had risen to almost a million attacks per day in some countries. In others it was over a million.
During the lockdown, there were a large number of computers and servers that could be connected to remotely, and now we are seeing an increase in cybercrime seeking to take advantage of the situation to attack assets that are now available (sometimes in haste) to remote employees, Kaspersky said.
Adversaries try to connect to Windows workstations or servers over Microsoft's proprietary protocol by systematically trying common or weak username and password combinations, or random characters, until the correct one is found.
The attackers assumed that the number of misconfigured RDP servers would increase after the mass transition to working from home, and immediately tried to exploit the situation.
According to Kaspersky, attacks on remote access infrastructure and collaboration tools are expected to continue for a long time to come.
Organizations using RDP for operations are advised to use strong passwords, make RDP available only through the corporate VPN, configure and use Network Level Authentication (NLA), enable two-factor authentication, and disable RDP and close its port (port 3389) when the protocol is not in use.
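For hosts that must stay reachable, the guessing pattern described above can also be spotted in failed-logon records. The following is an added example, not code from Kaspersky or the original article: it flags source addresses whose failed logons (Windows Security Event ID 4625) reach a threshold inside a sliding window. The record layout, the sample data, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed RDP logons are typically recorded as logon type 3 (Network) when NLA
# is enabled and as type 10 (RemoteInteractive) when it is not.
RDP_LOGON_TYPES = {3, 10}

def constructed_sample():
    """Constructed data (documentation IP ranges): one source cycling through
    usernames every 5 seconds, and one user who mistyped a password twice."""
    base = datetime(2020, 4, 1, 9, 0, 0)
    users = ["administrator", "admin", "user", "test", "backup"]
    rows = [(base + timedelta(seconds=5 * i), 4625, 3, "203.0.113.7", users[i % 5])
            for i in range(20)]
    rows += [(base + timedelta(minutes=m), 4625, 10, "198.51.100.20", "jsmith")
             for m in (1, 30)]
    rows.append((base + timedelta(minutes=2), 4624, 10, "198.51.100.20", "jsmith"))
    return sorted(rows, key=lambda r: r[0])

def find_guessing_sources(events, window=timedelta(minutes=5), threshold=10):
    """Return {source_ip: (peak_failures_in_window, distinct_usernames)} for
    sources whose failed RDP logons reach `threshold` inside any `window`.
    `events` must be ordered by time."""
    recent = defaultdict(deque)   # source_ip -> failures still inside the window
    flagged = {}
    for ts, event_id, logon_type, ip, user in events:
        if event_id != 4625 or logon_type not in RDP_LOGON_TYPES:
            continue              # ignore successes and non-RDP logon types
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            prev_peak, prev_users = flagged.get(ip, (0, 0))
            users = len({u for _, u in q})
            flagged[ip] = (max(len(q), prev_peak), max(users, prev_users))
    return flagged

if __name__ == "__main__":
    for ip, (peak, users) in find_guessing_sources(constructed_sample()).items():
        print(f"{ip}: {peak} failures in window across {users} usernames")
```

A high distinct-username count from one source points to list-driven guessing rather than a single user mistyping a password.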
Companies must keep a close eye on the programs they use and update them on all business devices in a timely manner. This is currently a challenge for many organizations, as the early transition to teleworking has forced many employees to work on or connect from home computers that often do not meet corporate cyber security standards, Kaspersky concluded.
Ionut Arghire is an international correspondent for SecurityWeek.