Kaspersky Labs is reporting a massive increase in brute force attacks against Microsoft’s Remote Desktop Protocol (RDP) since the beginning of March, coinciding perfectly with coronavirus lockdowns and increased numbers of people working from home.
Brute force attacks are decidedly blunt in their approach: Rather than try to sneak in a backdoor or bypass security, a brute force attack simply tries logging in to a system with a known username and all possible passwords.
Attacks like these are all about numbers: Try enough password combinations on enough systems with enough different usernames and you’re bound to get through sometime. With the COVID-19 outbreak sequestering potentially millions of people at home, attackers have a playground to choose from.
“As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks,” Kaspersky Labs said in a blog post.
According to Kaspersky, the target of these attacks has mostly been Microsoft’s RDP, which it calls one of the most popular application-level remote access protocols available. RDP is used to connect remotely to Windows computers and servers, and if an attacker manages to find one of the poorly secured RDP servers they’re seeking, it could mean a breach of massive proportions.
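An added example (not from Kaspersky or the original article) of spotting this pattern from the defender's side: it counts failed remote logons per source address in a sliding window and separates one account hit with many passwords from many usernames tried in turn. The record layout (fields as found in Windows Security event 4625), the sample data, and the 10-failures-in-5-minutes threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types seen on failed RDP logons in Windows Security event 4625:
# 10 (RemoteInteractive) and, when Network Level Authentication is on, 3 (Network).
REMOTE_LOGON_TYPES = {3, 10}

def burst(start, step_s, n, ip, users, logon_type):
    """Build n constructed failed-logon records: (time, source IP, user, logon type)."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=i * step_s), ip, users[i % len(users)], logon_type)
            for i in range(n)]

# Constructed sample data (documentation-range IPs), not real log output.
SAMPLE_EVENTS = (
    burst("2020-04-01T09:00:00", 2, 12, "203.0.113.7", ["administrator"], 3)
    + burst("2020-04-01T09:01:00", 5, 12, "198.51.100.9", [f"user{i}" for i in range(12)], 10)
    + burst("2020-04-01T08:00:00", 1200, 3, "192.0.2.44", ["jsmith"], 10)  # occasional typos
    + burst("2020-04-01T09:00:00", 1, 15, "-", ["kiosk"], 2)  # local console, not RDP
)

def detect_bruteforce(events, window=timedelta(minutes=5), threshold=10):
    """Flag source IPs with >= threshold remote logon failures inside any sliding window."""
    recent = defaultdict(deque)   # per-IP failures still inside the window
    alerts = {}
    for ts, ip, user, logon_type in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ip, {"failures": 0, "users": set()})
            alert["failures"] = max(alert["failures"], len(q))
            alert["users"] |= {u for _, u in q}
    for alert in alerts.values():
        # One account hammered with many passwords vs. many usernames tried in turn.
        alert["pattern"] = "single-account" if len(alert["users"]) == 1 else "multi-account"
    return alerts

if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_EVENTS).items():
        print(ip, a["failures"], a["pattern"], sorted(a["users"]))
```

The widely spaced failures from 192.0.2.44 and the local console failures stay below the alert logic, which is the point of combining a time window with a logon-type filter.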
Coronavirus lockdowns have been cybersecurity nightmares for businesses. Scams are targeting remote workers, malicious coronavirus-themed apps are appearing on Google Play, and Dark Web operators are even offering discounts on software suites designed for cybercrime.
Remote workers are by nature less protected than those operating inside enterprise networks, and home Wi-Fi is one of the reasons cited for an increase in data breaches happening since COVID-19 lockdowns went into effect.
Brute force attack threats against RDP and similar systems are just one more headache for cybersecurity professionals to worry about in the coming weeks and months until (if ever) workers return to offices.
Kaspersky Labs said that Microsoft RDP users aren’t the only ones that have to worry, either: VNC, another popular remote access system, was found by Kaspersky to have 37 different vulnerabilities in late 2019, several of which Kaspersky said have yet to be fixed.
Regardless of which remote access platform you and your organization are using, Kaspersky Labs gives the following security recommendations:
- Closely monitor applications being used on company assets, and update apps whenever new versions are released,
- Train employees on proper remote-work cybersecurity protocols and best practices,
- Segment company resources and require users to have different passwords to access different systems,
- Encrypt devices wherever possible,
- Make sure critical systems are backed up and disaster recovery protocols are in place and tested,
- Install security software on all company assets, and be sure there’s also software installed to track and remotely wipe computers that are stolen.