The great migration of cyberthreats: Massive shift to attacks on remote desktop protocolsBy Staff Writer 15 December 2020 | Categories: feature articles
There has been a worldwide, involuntary shift to relying on digital platforms and tools to work and carry out other aspects of our lives over the past year. The new stay home – stay safe - way of living has resulted in organisations adjusting their corporate networks and led to the emergence of new threats, as well as the strengthening of existing ones.
This does not necessarily mean that the total number of identified attacks grew in 2020, yet their redistribution is clear. Kaspersky researchers discovered a 242% growth of brute force attacks on remote desktop protocols (RDP) globally compared to last year and 1.7 million unique malicious files disguised as apps for corporate communication appeared.
Both of these findings reflect how attackers are putting their efforts into targeting users that work from home. As a comparison, the number of brute force attacks on remote desktop protocols grew by 220% in South Africa. These and other findings have been covered by Kaspersky researchers in the company’s ‘Story of the year: Remote work’ report.
Having to move employees to working from home in such a short space of time opened up new vulnerabilities that cybercriminals were quick to target. The volume of corporate traffic grew, and users swiftly moved to using third-party services to exchange data, and work via potentially insecure Wi-Fi networks.
Another headache for information security teams was, and still is, the increased number of people using remote-access tools. One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP.
Computers that have been made available to remote workers and incorrectly configured grew in number during the first wave of lockdowns across the globe, and so did the number of cyberattacks on them. These attacks were usually attempting to brute-force (systematically trying to find the correct option) a username and password for RPD. A successful attempt resulted in cybercriminals gaining remote access to the target computer in the network.
Since the beginning of March, the number of Bruteforce.Generic.RDP detections skyrocketed, resulting in the total number detected in the first eleven months of 2020 growing by 3.2 times compared to the number of the same type of attacks in 2019. Overall, 22.8 million attacks on Remote Desktop Protocols were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 7.1 million of these attacks worldwide.
RDP attacks dynamics, January - November 2019 vs 2020, for South Africa
Aside from attacks on RDP, cybercriminals were quick to figure out that many workers replaced offline communication with online tools and so decided to abuse this demand too. Globally, Kaspersky detected 1.66 million unique malicious files that were spread under the guise of popular messenger and online conference applications, typically used for work. Once installed, these files would primarily load Adware – programs that flooded victims’ devices with unwanted advertising and gathered their personal data for third-party use. Another group of files disguised as corporate apps were Downloaders – applications that may not be malicious, but are able to download other apps, from Trojans to remote access tools.
“This year taught us a lot. The move online was not as flawless as one would imagine, especially given that we already lived in what we thought was a digitised world. As the focus switched to remote work, so did the cybercriminals, who directed their efforts to capitalise on a rise in adoption. I am happy to state that the adoption process was fast and this meant the world could go on. Economies did not freeze and we still get to have our coffee, albeit, via delivery services. Yet now we know that there is still a lot to learn about the responsible use of technology, with data sharing at the heart of it’, commented Dmitry Galov, security researcher at Kaspersky.
“One of the biggest challenges of 2020 turned out to be awareness of potential online dangers. The key here is not that the sudden demand for online services – be they work-related or for food delivery – grew,” he continued.
“Many new users were people who in principle avoided being so digitally exposed in first place. They did not necessarily disregard the need for cybersecurity – they had simply chosen not to use digital services before and were less educated about what can happen online. This group of people turned out to be one of the most vulnerable during the pandemic – their level of awareness of online dangers was very low. It seems like we have been given a big challenge worldwide and I hope that helped increase the level of cybersecurity awareness among ordinary users”, added Galov.
As working from home is here to stay, Kaspersky recommends employers and businesses follow the advice below, to stay on top of any potential IT security issues when their employees work remotely:
- Enable access to your network through a corporate VPN and, if possible, enable multi-factor authentication to stay protected from RDP attacks.
- Use a corporate security solution empowered with network threat protection, such as Kaspersky Integrated Endpoint Security. The solution also includes log inspection functionality to configure monitoring and alert rules for brute force and failed login attempts.
- Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue.
- Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, endpoint security and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home.
- Ensure devices, software, applications and services are kept updated.
- Ensure you have access to the latest threat intelligence to bolster your protection solution. For example, Kaspersky offers a free COVID-19 related threat data feed.
- In addition to physical endpoints, it is important to protect cloud workloads and virtual desktop infrastructure. As such, Kaspersky Hybrid Cloud Security protects hybrid infrastructure of physical and virtual endpoints, as well as cloud workloads whether running on-premise, in a datacenter or in a public cloud. It supports integration with the major cloud platforms such as VMware, Citrix or Microsoft, and facilitates migration from physical to virtual desktops.
While there is a lot of responsibility on employers to keep corporate devices and networks secure, Kaspersky is also offering the following recommendations for consumers and workers during their time at home:
- Ensure your router supports and works smoothly when transmitting Wi-Fi to several devices simultaneously, even when multiple workers are online and there is heavy traffic (as is the case when using video conferencing tools).
- Set up strong passwords for your router and Wi-Fi network. Ideally it should include a mix of lower-case and upper-case letters, numbers and punctuation.
- If you can, only do work on devices provided by your employer. Putting corporate information on your personal devices could lead to potential security and confidentiality issues.
- Do not share your work account details with anybody else, even if it seems a good idea at the time.
- In order to protect personal devices, use a reliable security solution such as Kaspersky Security Cloud that safeguards your privacy, data and financial assets with a comprehensive set of tools and features, including a VPN, payment protection, PC cleaning, blocking unauthorised access to webcams, file encryption, password storage, parental control and many others.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?