One year ago, the World Health Organization declared that there was a global pandemic. To prevent the virus from spreading, countries rushed to enact measures including working from home. Companies had little time to prepare for this new way-of-working and enact proper security measures, leaving them vulnerable to a number of new security risks. As a result, the number of attacks against Remote Desktop Protocols has risen sharply in the past year.
RDP is perhaps the most popular remote desktop protocol and is used to access Windows or servers. After the switch to remote work, bruteforce attacks against this protocol skyrocketed. In a bruteforce attack, attackers test different usernames and passwords until the correct combination is found—and they gain access to the corporate resources. Over the past year, while the total number of bruteforce attacks has ebbed and flowed, they have continued to increase when compared to pre-pandemic levels.
Total number of bruteforce attacks against RDP from February 2020-February 2021
According to Kaspersky’s telemetry, when the world went into lockdown in March 2020, the total number of bruteforce attacks against RDP jumped from 93.1 million worldwide in February 2020 to 277.4 million in March 2020 – a 197 percent increase. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November. In February 2021 – nearly one year from the start of the pandemic – there were 377.5 million bruteforce attacks – a far cry from the 93.1 million witnessed at the beginning of 2020.
“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format. That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access,” says Dmitry Galov, security expert at Kaspersky.
To keep your company safe from bruteforce attacks, Kaspersky experts recommend:
• Enable access to RDP through a corporate VPN
• Enable use of Network Level Authentication (NLA) when connecting remotely.
• If possible, enable multi-factor authentication
• Use corporate security solution empowered with network threat protection such as Kaspersky Endpoint Security for Business.
On Securelist you can read about the biggest changes in online security since the start of the pandemic.