Attempts to crack credentials continue to assault businesses in SEA

THURSDAY, DECEMBER 12, 2024

Global cybersecurity company Kaspersky reports blocking more than 23M brute-force attacks targeting businesses in Southeast Asia (SEA) in the first six months of 2024.

A brute-force attack is a method employed by cybercriminals to guess login credentials and encryption keys, or to find a hidden web page, by systematically attempting all possible character combinations until they find the correct one. Successful brute-force attacks allow attackers to obtain personal data and valuable information, plant and spread malware, and even hijack the system for malicious activities.

A total of 23,491,775 Bruteforce.Generic.RDP attacks were detected and foiled by Kaspersky B2B products installed in companies of various sizes in the region between January and June.

Remote Desktop Protocol (RDP) is Microsoft’s proprietary protocol, providing a user with a graphical interface to connect to another computer through a network. RDP is widely used by both system administrators and less technical users to control servers and other PCs remotely.

A Bruteforce.Generic.RDP attack attempts to find a valid RDP login/password pair by systematically checking all possible passwords until a correct one is found. When successful, it allows an attacker to gain remote access to the targeted host computer.

Vietnam, Indonesia, and Thailand registered the highest numbers of RDP attacks in the first half of the year, with over 8.4 million, 5.7 million and 4.2 million attacks respectively. Meanwhile, Singapore had more than 1.7 million incidents, the Philippines had over 2.2 million, and Malaysia had the lowest number, with just over 1 million brute-force attacks.

“Although it is an old method, organisations must not underestimate a brute-force attack. This threat is still relevant for the region because many organisations deploy weak passwords, making it easier for attackers to succeed. In addition to that, the absence of multi-factor authentication (MFA) on RDP connections as well as misconfigured RDP settings would also increase the possibility of successful execution of a brute-force attack,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“Cybercriminals are leveraging artificial intelligence to enhance the capabilities of brute-force attacks by automating the process of generating and testing passwords, making it faster and more efficient. Implications of corporate network breaches are far heavier. Organisations can suffer data breaches, or, if systems are compromised, they face operation disruptions. These would greatly impact organisations financially as they face costs of business downtime, recovery efforts and even regulatory fines,” adds Yeo.

To protect your organisation, ensure adequate measures are taken:

1.    Use strong and unique passwords. Do not reuse them across multiple websites, social media accounts or financial accounts. Consider using a password manager, not only to help generate unique and strong passwords but also to manage them.

2.    Implement two-factor authentication (2FA) and consider using tools such as an authenticator app. 

3.    Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless necessary and always use strong passwords, two-factor authentication and firewall rules for them.

4.    Monitor access and activity by maintaining visibility over the network to spot any unusual activity, and control user access on an as-needed and as-required basis to minimise the risk of unauthorised access and data leaks.

5.    Set up a security operation centre (SOC) using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyber threats.

6.    Use the latest Threat Intelligence information to have in-depth visibility into cyber threats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.

7.    If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions, consider subscribing to a managed service such as Kaspersky MDR. This would instantly boost your security capabilities by an order of magnitude while allowing you to focus on building in-house expertise.

8.    For the protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board. Kaspersky Small Office Security provides you with hands-off security due to 'install and forget' protection and saves the crucial budget, particularly in the early stages of business development.
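As an illustration of the monitoring step (item 4) applied to the RDP password guessing described above, the following added example (not Kaspersky's detection logic) counts failed RDP logons per source address in a sliding window and notes whether a successful logon follows the burst. Windows Security event IDs 4625/4624 and logon types 3/10 are standard; the record layout, threshold, window and sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security events (all values made up).
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RDP, 3 = network (RDP with NLA).
def _ev(ts, ip, user, event_id=4625, logon_type=10):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "src_ip": ip, "user": user}

USERS = ["administrator", "admin", "backup", "svc_sql"] * 3
SAMPLE_EVENTS = (
    [_ev(f"2024-06-01T02:00:{s:02d}", "203.0.113.7", u)
     for s, u in zip(range(0, 48, 4), USERS)]            # 12 rapid failures
    + [_ev("2024-06-01T09:15:00", "198.51.100.20", "jtan"),   # ordinary mistyped password
       _ev("2024-06-01T09:15:30", "198.51.100.20", "jtan"),
       _ev("2024-06-01T02:00:50", "203.0.113.7", "backup", event_id=4624)]
)

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {src_ip: details} for sources with >= threshold failed RDP logons in window."""
    recent = defaultdict(deque)   # src_ip -> (time, user) of failures still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in (3, 10):
            continue
        ip, q = ev["src_ip"], recent[ev["src_ip"]]
        if ev["event_id"] == 4625:
            q.append((ev["time"], ev["user"]))
            while ev["time"] - q[0][0] > window:
                q.popleft()                      # drop failures older than the window
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"max_failures": 0, "users": set(), "success_after": False})
                a["max_failures"] = max(a["max_failures"], len(q))
                a["users"].update(u for _, u in q)
        elif (ev["event_id"] == 4624 and ip in alerts
              and ev["time"] - q[-1][0] <= window):
            alerts[ip]["success_after"] = True   # a guess may have worked: escalate
    return alerts

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_EVENTS))
```

A source that trips the threshold and then logs on successfully is the case to triage first, since it suggests a guessed password rather than a blocked attempt.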
