Lockdown sees rise in brute force attacks of over 100,000 daily

News by Rene Millman

Windows Remote Desktop Protocol gets hit hard by hackers seeking to take advantage of employees working from home.

Coronavirus has prompted hackers to carry out over 100,000 brute force attacks against the Windows Remote Desktop Protocol per day.

According to a report by Eset, its telemetry data showed a doubling of attacks over the pandemic period as the number of remote workers increased. While this has led to increased use of Windows’ Remote Desktop Protocol (RDP) to allow workers to connect to the corporate network from remote computers, organisations have neglected to increase security, with employees using easy-to-guess passwords and no additional layers of authentication or protection in place.

“That is probably also the reason why RDP has become such a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals typically brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions and then run ransomware to encrypt crucial company data,” said researchers.

The data revealed that most of the attacks originated from IP addresses in the US, China, Russia, Germany, and France. The most targeted countries were Russia, Germany, Japan, Brazil and Hungary.

Robert Ramsden-Board, VP EMEA, Securonix, told SC Media UK that the fact that there are more than 100,000 brute-force attacks targeting Windows RDP every day highlights the extent of the challenges that we are facing.

“Despite the significant warning, many accounts on the Windows platform have substituted security for convenience with weak passwords or credential sharing. Indeed, it is the companies themselves who have the responsibility for the security of their corporate data,” he said.

“As things stand currently, many companies have little awareness of the security posture their employees are taking while working from home. It is essential for companies to ensure that they are able to secure sensitive information in a more fluid working environment, which may continue for a significant time. This may mean conducting security training courses to highlight the importance of adequate cyber-hygiene. If we are to win the fight against cybercriminals, then we must enforce a security-conscious mindset that transcends office walls.”

Nigel Thorpe, technical director at SecureAge, told SC Media UK that hackers work from a position of being able to attempt millions of attacks in the knowledge that a few will get through.

“Ransomware and brute force attacks are great examples, and organisations must assume that someday one or more of these attacks will succeed no matter what barriers are put in place. Clearly, we don't want cybercriminals inside the network, but we must plan for the eventuality by inherently protecting data at source using file encryption. Implemented properly, so that people don't need to be aware of the encryption that's going on, any stolen data will remain encrypted and therefore useless to the hacker,” he said.

Tom Lysemose Hansen, CTO at Promon, told SC Media UK that organisations should not rely on leaving it to end-users (employees) to handle security themselves and should instead focus on securing the endpoint through security mechanisms that protect browsers and applications used for virtual desktop sessions against attacks in real time.

“This can be through the use of VPNs to enable protected remote access to corporate environments and applications, ideally through the use of a protected browser. To further reduce this risk, businesses should also ensure that employees are made aware that they should only access business-critical applications/portals/CRMs within protected environments when necessary and no more,” he said.
