In mid-March of last year, the World Health Organization (WHO) officially declared the world was facing a pandemic, and countries rushed to enact measures to stem the spread. A popular measure to combat the pandemic was switching companies to remote work.
However, with little time to make the transition, many companies had no time to enact proper security measures, leaving them vulnerable to several new security risks. One of the most common were attacks against the protocols used by employees to access corporate resources remotely.
RDP is perhaps the most popular remote desktop protocol and is used to access Windows workstations or servers. After the switch to remote work, brute force attacks against this protocol skyrocketed. In a brute force attack, attackers test different usernames and passwords until the correct combination is found and they gain access to the corporate resources.
Over the past year, while the total number of brute force attacks has ebbed and flowed, they have continued to increase when compared to pre-pandemic levels.
According to Kaspersky’s telemetry, when the world went into lockdown in March 2020, the total number of brute force attacks against RDP jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March, a 197 percent increase. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November.
In February 2021, nearly one year from the start of the pandemic, there were 377.5 million brute-force attacks, a far cry from the 93.1 million witnessed at the beginning of 2020.
Nearly 600,000 RDP attacks per day targeted remote workers in Southeast Asia. Attacks peaked in Malaysia in July with 3.3 million and remained on average 2.29 million a month for the rest of the year.
Southeast Asia (SEA) was among the first region battered by the COVID-19 pandemic. Thailand recorded the first case outside China on January 13, 2020. With little known facts about the virus, nations across the region vigilantly observed and tailor-fitted their restrictions and precautionary measures before the pandemic status was declared by the WHO in March last year.
As with the rest of the world, SEA countries then implemented strict measures and border controls a year ago. This forced enterprises and organisations to shift to remote work, learning, and more. In turn, inviting the attention of cybercriminals.
Kaspersky’s telemetry showed a trend, a slow but steady increase in the number of attacks against RDP being used in the region, hitting the highest in September with 31,019,009 brute force attacks. Overall, the global cybersecurity company blocked a total of 214,054,408 RDP exploits in SEA.
Read more: Don’t click on fake Public Bank link
Discussion about this post