Posted on February 9, 2021 at 10:37 AM
Cyber-attacks have increased since many workers started working from home. There are now more breaches related to Remote Desktop Protocol (RDP) compared to the levels before the COVID-19 pandemic.
Although RDP is a valuable tool for communications between business associates and clients, it can open the doors for threat actors if left enabled.
There have been several instances where RDP login credentials were sold on the dark web. Now, a new report has emerged from security researchers at ESET, which shows that there are billions of cyberattacks directed at those working remotely.
The number of RDP attacks rose significantly in 2020
According to the report, there has been a 768% growth in the number of RDP attacks in 2020. ESET said it discovered over 29 billion attempted RDP attacks last year.
To stay safe and avoid the spread of the virus, working from home has become very necessary. And it’s only by logging remotely into the corporate application suites and VPNs that workers can carry out their jobs effectively.
As a result, they are exposed to a series of attacks, which can be used as a backdoor for attacks on the company.
Threat actors are slipping into networks unnoticed through legitimate login credentials they got from guessing passwords or through phishing attacks.
Since the attackers are not using malware but genuine access, it is difficult for security systems to detect any unusual activity.
Threat actors had easy access to networks
In some of the attacks seen, the threat actors even have open access to the networks due to the misconfiguration of the RDP ports.
With access to the RDP ports, the corporate networks can be infiltrated to steal sensitive files. The port is also useful for the hackers as a backdoor to deploy ransomware in the corporate network.
The easy access that threat actors have through workers' systems might not be so easy if the workers were working directly on the corporate portal rather than remotely.
Ondrej Kubovič, a security researcher at ESET, explained the attack and the reasons why it's easier for threat actors.
“RDP attacks are focusing on technology, not on the human beings, thus require less handiwork from the attackers,” he stated.
Ondrej Kubovič added that several cases of misconfigured RDP result in the compromise of important resources like corporate networks or other devices that have admin access.
ESET stated that the number of RDP attacks on organizations dropped significantly in December. The researchers attributed this pause in activity to the Christmas season.
But since the year began, threat actor activity against RDP has gradually increased. As employees continue to work from home, it's expected that the rate of attacks on the corporate network will increase. As a result, the ESET researchers are advising employees and organizations to be more serious about their security.
The research team stated that organizations can take certain actions to make it more difficult for threat actors to gain access to their network and cause mayhem through RDP attacks.
Protecting against RDP attacks
Corporations should educate workers on the security protocols to follow to avoid becoming victims of RDP attacks.
Additionally, IT security teams have been advised to encourage users to use strong passwords to prevent any form of brute-force attack.
A password should also not be reused on another account. Using a unique password for each account they have online will drastically reduce the number of RDP attacks employees and organizations face.
In this case, if a password or credential is leaked elsewhere, it can’t be connected to the credentials of other accounts.
Also, organizations should ensure they have a strong patch strategy in place and use the latest version of the operating system. The ESET security team said this will add an extra layer of security.
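Because a logon with guessed credentials looks like genuine access, defenders can correlate failed and successful RDP logons per source address. The sketch below is an added example, not code from ESET or the original article; it assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) exported to a constructed CSV layout, and the threshold and window are illustrative values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
RDP_FAIL_TYPES = {3, 10}       # 3 = Network (seen with NLA), 10 = RemoteInteractive
RDP_OK_TYPE = 10               # interactive RDP session established

def parse(line):
    """Parse one line of the assumed CSV: time,event_id,logon_type,source_ip,user."""
    ts, eid, ltype, ip, user = line.strip().split(",")
    return datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def detect(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: verdict} for sources that guess passwords over RDP."""
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    verdicts = {}
    for ts, eid, ltype, ip, user in sorted(map(parse, lines)):
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()      # forget failures older than the window
        if eid == FAILED and ltype in RDP_FAIL_TYPES:
            fails.append(ts)
            if len(fails) >= threshold:
                verdicts.setdefault(ip, "guessing")
        elif eid == SUCCESS and ltype == RDP_OK_TYPE and len(fails) >= threshold:
            # Valid credentials right after a burst of failures: the case that
            # otherwise passes for a legitimate login.
            verdicts[ip] = f"guessing then successful logon as {user}"
    return verdicts

# Constructed sample events (documentation IP ranges, made-up users).
SAMPLE = (
    [f"2021-02-01T03:00:{s:02d},4625,3,203.0.113.7,admin" for s in range(0, 60, 10)]
    + ["2021-02-01T03:01:30,4624,10,203.0.113.7,admin",
       "2021-02-01T09:00:00,4625,10,198.51.100.20,jsmith",   # one typo, then success
       "2021-02-01T09:00:20,4624,10,198.51.100.20,jsmith"]
    + [f"2021-02-01T04:{m:02d}:00,4625,3,192.0.2.44,guest" for m in range(5)]
)

if __name__ == "__main__":
    for ip, verdict in detect(SAMPLE).items():
        print(ip, verdict)
```

Logon type 3 also covers non-RDP network logons, so run this only over logs from hosts that expose RDP.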