The Windows Remote Desktop Protocol has been severely hit by hackers wishing to compromise home-working employees.
Coronavirus lockdowns have tempted hackers into carrying out over 100,000 ‘brute force attacks’ against the Windows Remote Desktop Protocol every single day.
Says a report by Eset, its telemetry data showed a doubling of attacks over the pandemic period as the number of remote workers increased.
While this has led to an increased use of Windows’ Remote Desktop Protocol (RDP) to allow workers to connect to the corporate network from remote computers, organisations have neglected to increase security with employees using easy-to-guess passwords & with no additional layers of authentication or protection.
“That is probably also the reason why RDP has become such a popular attack vector in the past few years, especially among ransomware gangs.
These cyber-criminals typically brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions & then run ransomware to encrypt crucial company data,” researchers commented.
The data showed that most of the attacks originated from IP addresses in the US, China, Russia, Germany, & France. Most targeted countries were Russia, Germany, Japan, Brazil & Hungary.
Robert Ramsden-Board, VP EMEA, Securonix, explained that the fact there are more than 100,000 brute-force attacks targeting Windows RDP daily shows the extent of the risk.
“Despite the significant warning, many accounts on the Windows platform have substituted security for convenience with weak passwords or credential sharing. Indeed, it is the companies themselves who have the responsibility for the security of their corporate data,” he observed.
“As things stand currently, many companies have little awareness of the security posture their employees are taking while working from home. It is essential for companies to ensure that they are able to secure sensitive information in a more fluid working environment, which may continue for a significant time.
This may mean conducting security training courses to highlight the importance of adequate cyber-hygiene. If we are to win the fight against cybercriminals, then we must enforce a security-conscious mindset that transcends office walls.”
Millions of Attacks
Nigel Thorpe, Technical Director at Secure Age, commented that hackers work from a position of being able to attempt ‘millions of attacks’ in the knowledge that some will get through.
“Ransomware & brute force attacks are great examples, & organisations must assume that someday one or more of these attacks will succeed no matter what barriers are put in place.
Clearly, we do not want cybercriminals inside the network, but we must plan for the eventuality by inherently protecting data at source using file encryption. Implemented properly, so that people don’t need to be aware of the encryption that’s going on, any stolen data will remain encrypted and therefore useless to the hacker,” he counselled.
Securing the Endpoint
Tom Lysemose Hansen, CTO at Promon, advised that organisations should not rely on leaving it to employees to handle security themselves. Instead, focus on ‘securing the endpoint’ by means of security mechanisms that protect browsers and applications used for virtual desktop sessions against attacks in real-time.
“This can be through the use of VPNs to enable protected remote access to corporate environments and applications, ideally through the use of a protected browser.
To further reduce this risk, businesses should also ensure that employees are made aware that they should only access business-critical applications/portals/CRMs within protected environments when necessary and no more,” he concluded.