3.3 billion cyberattacks on Remote Desktop Protocols were detected between January and November 2020
Kaspersky, the worldwide cybersecurity solutions firm, has revealed a 242 per cent escalation of phishing on remote desktop protocols (RDP) in 2020 compared to the previous year, and that 1.7 million unique malicious files disguised as apps for corporate communication appeared.
Having to move employees to working from home in such a short space of time opened up new vulnerabilities that cybercriminals were quick to target. The volume of corporate traffic grew, and users swiftly moved to using third-party services to exchange data and to working via potentially insecure Wi-Fi networks. Another headache for information security teams was, and still is, the increased number of people using remote-access tools.
One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol, RDP. The number of incorrectly configured computers made available to remote workers grew during the first wave of lockdowns across the globe, and so did the number of cyberattacks on them. These attacks usually attempted to brute-force a username and password for RDP, that is, to systematically try options until the correct one is found. A successful attempt resulted in cybercriminals gaining remote access to the target computer in the network.
Since the beginning of March, the number of Bruteforce.Generic.RDP detections has skyrocketed, resulting in the total number detected in the first eleven months of 2020 growing by 3.4 times compared to the number of the same type of attacks in 2019. Overall, 3.3 billion attacks on Remote Desktop Protocols were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 969 million of these attacks worldwide. The number of detections in India alone went as high as 36 million (36356139) between January and November 2020, while the number of attacks during the same period in 2019 was around 18 million (18113663).
Aside from attacks on RDP, cybercriminals were quick to figure out that many workers replaced offline communication with online tools and so decided to abuse this demand too. Kaspersky detected 1.66 million unique malicious files that were spread under the guise of popular messenger and online conference applications, typically used for work. Once installed, these files would primarily load Adware – programs that flooded victims’ devices with unwanted advertising and gathered their personal data for third-party use. Another group of files disguised as corporate apps were Downloaders – applications that may not be malicious, but are able to download other apps, from Trojans to remote access tools.
As working from home is here to stay, Kaspersky recommends that employers and businesses follow the advice below to stay on top of any potential IT security issues when their employees work remotely:
- Enable access to your network through a corporate VPN and, if possible, enable multi-factor authentication to stay protected from RDP attacks.
- Use a corporate security solution empowered with network threat protection, such as Kaspersky Integrated Endpoint Security. The solution also includes log inspection functionality to configure monitoring and alert rules for brute force and failed login attempts.
- Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue.
- Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home.
- Ensure devices, software, applications and services are kept updated.
- In addition to physical endpoints, it is important to protect cloud workloads and virtual desktop infrastructure. As such, Kaspersky Hybrid Cloud Security protects hybrid infrastructure of physical and virtual endpoints, as well as cloud workloads whether running on-premise, in a datacenter or in a public cloud. It supports integration with the major cloud platforms such as VMware, Citrix or Microsoft, and facilitates migration from physical to virtual desktops.
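The recommendation above to alert on brute force and failed login attempts can be illustrated with a small detection rule. This is an added example, not Kaspersky's code or product logic: it assumes Windows Security log events exported as comma-separated records (a hypothetical layout), uses event IDs 4625 (failed logon) and 4624 (successful logon) with logon types 3 and 10, and the thresholds are illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), one per Security log event:
# time, event ID, logon type, source IP, account
SAMPLE_EVENTS = """\
2020-11-02T09:00:01,4625,3,203.0.113.7,administrator
2020-11-02T09:00:03,4625,3,203.0.113.7,admin
2020-11-02T09:00:05,4625,3,203.0.113.7,user1
2020-11-02T09:00:08,4625,10,203.0.113.7,backup
2020-11-02T09:00:11,4625,3,203.0.113.7,administrator
2020-11-02T09:00:40,4624,10,203.0.113.7,administrator
2020-11-02T09:05:00,4625,10,198.51.100.20,alice
2020-11-02T09:30:00,4625,10,198.51.100.20,alice
2020-11-02T09:31:00,4624,10,198.51.100.20,alice
2020-11-02T10:00:00,4625,2,-,bob
"""

FAILED, SUCCESS = 4625, 4624
REMOTE_LOGON_TYPES = {3, 10}  # 3 = Network (seen with NLA), 10 = RemoteInteractive


def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=1),
                          watch=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, time, detail) tuples, one burst alert per IP."""
    recent = defaultdict(deque)   # source IP -> times of failures inside the window
    flagged = {}                  # source IP -> time of latest failure in a burst
    alerts = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        when, event_id, logon_type = datetime.fromisoformat(ts), int(event_id), int(logon_type)
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # local console logons are out of scope for this rule
        if event_id == FAILED:
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                if ip not in flagged:
                    alerts.append(("bruteforce", ip, when, f"{len(q)} failures in window"))
                flagged[ip] = when
        elif event_id == SUCCESS and ip in flagged and when - flagged[ip] <= watch:
            # A success shortly after a burst of failures needs immediate triage.
            alerts.append(("success_after_bruteforce", ip, when, user))
    return alerts
```

The second alert type matters most in practice: a successful logon from an address that has just produced a burst of failures suggests a guessed password, while two isolated failures from one user (the `alice` records) stay below the threshold.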