From January to June 2021, Kaspersky detected and blocked a total of 47,602,256 brute-force attacks against Remote Desktop Protocol (RDP) in Vietnam.
According to Kaspersky’s RDP statistics, this number accounts for 42% of the attempted attacks against users of Kaspersky solutions in the Southeast Asia region with Microsoft’s RDP installed on their desktops.
RDP brute force attacks blocked by Kaspersky in H1 2021
A brute-force attack uses trial and error to work through all possible combinations, hoping to correctly guess login credentials or encryption keys, or to find a hidden web page. The Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to connect to another computer over a network connection.
Although the brute-force attack is an old method, it is still effective and popular with hackers. By targeting a Windows device that uses RDP and trying to find the correct RDP login and password pair, hackers can gain remote access to the host computer and get many benefits, such as: profiting from ads or collecting activity data, stealing personal data and valuables, spreading malware to cause disruptions, hijacking systems for malicious activity, and ruining a website’s reputation.
Compared to the same period in 2020, there was an increase of 37% in attempted attacks against users in Vietnam. Explaining the reason for the increase in brute-force attacks, experts said that the first half of 2021 was the period when businesses in Vietnam were promoting the application of information technology and digital transformation.
Moreover, the complicated situation of the epidemic also created an opportunity for cybercriminals to take advantage of companies’ hurried transition to working from home, their lack of preparation, and the poor configuration of RDP servers to perform brute-force attacks.
As working from home is here to stay, Kaspersky recommends that employers and businesses take all possible protection measures:
- At the very least, use strong passwords.
- Make RDP available only through a corporate VPN.
- Use Network Level Authentication (NLA).
- If possible, enable two-factor authentication.
- If you don’t use RDP, disable it and close port 3389.
- Use a reliable security solution.
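As an added illustration (not part of Kaspersky's advice or tooling), the following read-only PowerShell check reports on three items from the list above for the local Windows host: whether RDP is enabled, whether NLA is required, and whether the firewall allows the RDP port from any source address rather than only from a restricted range such as a VPN subnet. It uses the standard Terminal Server registry values and the built-in NetSecurity cmdlets; the wording of the findings is this example's own.

```powershell
# Added example: read-only audit of local RDP exposure. It changes nothing.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$rdpEnabled  = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means NLA is required before a session is created.
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
# Listener port: 3389 unless it has been changed.
$port        = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules that name the RDP port explicitly, with their
# source restriction. Rules written as port ranges or "Any" are not matched here.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains "$port") {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            }
        }
    }

$findings = @()
if ($rdpEnabled) {
    if (-not $nlaRequired) {
        $findings += 'NLA is not required for RDP connections.'
    }
    foreach ($r in $rules) {
        # "Any" means the rule is not limited to a VPN or management subnet.
        if ($r.RemoteAddress -eq 'Any') {
            $findings += "Firewall rule '$($r.Rule)' ($($r.Profile)) allows TCP/$port from any address."
        }
    }
} elseif ($rules) {
    $findings += "RDP is disabled but TCP/$port is still allowed inbound; close the port."
}

if ($findings) { $findings } else { 'No RDP exposure findings on this host.' }
```

A clean result covers only the host firewall and registry settings; password strength, two-factor authentication and any port forwarding on the network edge have to be checked separately.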
Companies need to closely monitor programs in use and update them on all corporate devices in a timely manner. This is no easy task for many companies at present, because the hasty transition to remote working has forced many to allow employees to work with or connect to company resources from their home computers. Our advice is as follows:
- Provide training on basic cyber hygiene to your employees. Help them to identify the most common types of attacks that occur in the company, and provide basic knowledge in identifying suspicious emails, websites, and text messages.
- Use strong, complex and different passwords to access every company resource.
- Use Multi-Factor Authentication or two-factor authentication, especially when accessing financial information or logging into corporate networks.
- Where possible, use encryption on devices used for work purposes.
- Enable access to RDP through a corporate VPN.
- Always prepare backup copies of critical data.
- Use a reliable enterprise security solution with network threat protection, such as Kaspersky Endpoint Security for Business.