In mid-March of last year, the World Health Organization officially declared the world was facing a pandemic, and countries rushed to enact measures to stem the spread. A popular measure to combat the pandemic was switching companies to remote work. However, with little time to make the transition, many companies had no time to enact proper security measures, leaving them vulnerable to a number of new security risks. One of the most common were attacks against the protocols used by employees to access corporate resources remotely.
RDP is perhaps the most popular remote desktop protocol and is used to access Windows or servers. After the switch to remote work, bruteforce attacks against this protocol skyrocketed. In a brute-force attack, attackers test different usernames and passwords until the correct combination is found—and they gain access to the corporate resources.
Over the past year, while the total number of brute-force attacks has ebbed and flowed, they have continued to increase when compared to pre-pandemic levels.
The total number of brute force attacks against RDP from February 2020-February 2021 (Globally).
According to Kaspersky’s telemetry, when the world went into lockdown in March 2020, the total number of bruteforce attacks against RDP jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March—a 197 percent increase. The numbers in India went from 1.3 million (1363953) in Feb 2020 to 3.3 million (3301848) in March 2020. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November 2020. The highest number of attacks 4.5 million (4586533) in India was recorded in July 2020.
In February 2021—nearly one year from the start of the pandemic—there were 377.5 million brute-force attacks—a far cry from the 93.1 million witnessed at the beginning of 2020. India alone witnessed 9.04 million (9048791) attacks in Feb 2021.
The total number of attacks in India from Feb-Dec 2020 was around 37 million (37664893), while the total number of attacks recorded in India during Jan & Feb 2021 is around 15 million (15804209).
“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format. That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access,” comments Dmitry Galov, security expert at Kaspersky.
“Businesses have faced various challenges during the COVID-19 era and have successfully managed to overcome them. Employees working remotely helped businesses in getting back on track. However remote working was not the most secure option to consider by businesses when it came to keeping their sensitive and important data safe. The increase in the number of brute force attacks in India as well as globally is concerning and immediate action needs to be taken by businesses of all sizes, as no one is completely safe from nefarious cybercriminals. It is imperative for businesses to secure themselves from these attacks, as it is a very popular method of attack that is used for data breaches by cybercriminals in order to gain sensitive data from enterprises successfully and without much investment”, explained Mr. Chris Connell, Managing Director, Kaspersky (APAC).
Connell further said, “Educating the staff on safe practices and tools for password management and watching accounts in real-time for strange activity can help the enterprises tremendously in fighting against such attacks.”