Big jump in RDP attacks as hackers target staff working from home

[mood]

Big jump in RDP attacks as hackers target staff working from home

Researchers at ESET detected billions of cyberattacks attempting to take advantage of people working remotely - and cyber criminals aren't letting up yet.

 

There's been a huge increase in cyber criminals attempting to perform attacks by exploiting remote login credentials over the last year, as many employees continue to work from home.

 

Working from home has become a necessity for many and it's only by remotely logging in to corporate VPNs and application suites that people are able to continue to do their jobs.

 

However, the rise in remote working has provided cyber criminals with a greater opportunity to slip into networks unnoticed by using legitimate login credentials – whether they are phished, guessed or otherwise stolen. By using legitimate login details instead of deploying malware, it's easier for attackers to go about their business without being detected.

 

 

According to researchers at cyberscurity company ESET, that ease has led to a 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020. In total, ESET detected 29 billion attempted RDP attacks across the year, as cyber criminals attempt to exploit remote workers.

 

In some cases, RDP ports are even misconfigured, providing attackers with even greater access to networks.

 

Either way, RDP attacks can be used to infiltrate networks to examine and steal sensitive information, while it can also be used as a means of gaining enough access to the network to deploy ransomware attacks.

 

This is all in environments that might be less protected than they would be if employees were working from within the office, rather than working remotely.

"RDP attacks are focusing on technology not on the human beings, thus require less handiwork from the attackers. Misconfigured RDP in many cases leads to valuable resources, such as company servers or devices with admin rights, that represent a springboard for further, often network-wide, compromises," Ondrej Kubovič, security awareness specialist at ESET told ZDNet.

 

The ESET report notes that there was a drop off in RDP attacks during December, something that they've attributed to cyber criminals taking time off over Christmas. But it's expected that 2021 will continue to see cyber criminals attempting to use RDP attacks to break into corporate networks, especially as employees continue to work remotely.

 

However, there are actions that organisations can take to make it much more difficult for cyber criminals to successfully compromise the network with RDP attacks.

 

IT security teams should encourage users to use strong passwords that are difficult to guess with brute force attacks. That password shouldn't be used for any other accounts in order to lower the risk of compromise as a result of the password being leaked or breached elsewhere.

 

Applying two-factor authentication across the network will also go a long way to preventing cyber criminals conducting successful RDP attacks, as it's much harder to get old of the extra layer of verification needed to access accounts.

 

Ensuring that users are using the latest versions of operating systems and software by having a solid patching strategy in place can also provide an additional layer of defence against attempted attacks.

 

 

Source: Big jump in RDP attacks as hackers target staff working from home

[Karlston]

Remote desktop cyberattacks top new high

RDP attack attempts rose by 768 percent last year

 

(Image credit: Shutterstock)

 

As employees around the world were busy making the transition to working from home last year, cybercriminals were quick to capitalize on the fact that their home networks lacked the security and safeguards found on corporate networks.

 

While some workers used VPN services to connect to their corporate networks, many relied on remote desktop software including Microsoft's Remote Desktop Protocol (RDP) which comes included with Windows 10. 

 

Due to the high number of users leveraging RDP, the cybersecurity firm ESET saw a record 768 percent increase in RDP attack attempts last year, according to its Q4 2020 Threat Report.

 

Chief research officer at ESET, Roman Kováč explained in a press release how cybercriminals often use RDP as a means to deploy ransomware, saying:

 

“RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4.”

2020 Threats

ESET's Q4 2020 Threat Report also offers further insight on how the cybersecurity firm took part in a global disruption campaign alongside Microsoft, FS-ISAC, Lumen's Black Lotus Labs, NTT and Broadcom's cybersecurity division Symantec to take down TrickBot. 

 

By working together to disrupt one of the largest and longest-lived botnets, the firms coordinated efforts resulted in 94 percent of TrickBot's servers being taken down in a single week.

 

The Q4 2020 Threat Report also goes into detail about how ESET researchers discovered a previously unknown APT group named XDSpy which targeted the Balkans and Eastern Europe as well as how the firm discovered a remarkable number of supply chain attacks last year.

 

Via The Register

 

 

Remote desktop cyberattacks top new high

[Karlston]

Similar topics merged.