Brute force attacks on remote desktop protocols (RDP) globally grew 242% this year compared to 2019, with 3.3 billion attacks detected between January and November 2020 compared to 969 million of these attacks worldwide in last year.
In addition, 1.7 million unique malicious files appeared disguised as applications for corporate communication. Both findings reflect how attackers set their sights on users that work from home.
Other details on these and other findings covered Kaspersky researchers in the “ Story of the year: remote work ” report.
RDP, the focus of attack
The transition to working from home in such a short time span opened up new vulnerabilities that cybercriminals quickly exploited. The volume of corporate traffic grew and users swiftly moved to using third-party services (Shadow IT) to exchange data , often working via potentially insecure Wi-Fi networks.
Another headache for information security teams was, and still is, the increased number of people using remote-access tools.
One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol, RDP.
Computers that have been made available to remote workers and were incorrectly configured grew in number during the first wave of lockdowns across the globe, and so did the number of cyberattacks on them. These attacks usually attempted to brute-force (systematically trying to find the correct option) a username and password for RDP. A successful attempt resulted in cybercriminals gaining remote access to the target computer in the network.
Since the beginning of March, the number of Bruteforce.Generic.RDP detections has skyrocketed, resulting in the total number detected in the first eleven months of 2020 growing by 3.4 times, compared to the number of the same type of attacks in 2019. Overall, 3.3 billion attacks on Remote Desktop Protocol were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 969 million of these attacks worldwide.
Aside from attacks on RDP, cybercriminals were quick to figure out that many workers replaced offline communication with online tools and so decided to abuse this demand too. Kaspersky detected 1.66 million unique malicious files that were spread under the guise of popular messenger and online conference applications, typically used for work.
Once installed, these files would primarily load Adware programs that flooded victims’ devices with unwanted advertising and gathered their personal data for third-party use. Another group of files disguised as corporate apps were Downloaders. These are applications that may not be malicious on their own, but are able to download other harmful apps, from Trojans to remote access tools.