From January to June 2021, Kaspersky researchers discovered a 36.12% growth of brute force attacks on Remote Desktop Protocol (RDP) in Southeast Asia (SEA) compared to same period last year. The finding reflects how attackers are putting their efforts into targeting users that work from home.
In Thailand, Kaspersky detected a total of 24,094,399 attempted attacks against its users with Microsoft’s RDP installed on their computers. Thailand is now ranked second in the region.
What is RDP attack?
Working from home requires employees to log in to corporate resources remotely from their personal devices. One of the most common tools used for this purpose is Remote Desktop Protocol, or RDP, Microsoft’s proprietary protocol that enables users to access Windows workstations or servers. Unfortunately, given that many offices transitioned to remote work with little notice, many RDP servers were not properly configured, something cybercriminals have sought to take advantage of to gain unauthorized access to confidential corporate resources.
The most common type of attack being used is brute-force, wherein cybercriminals attempt to find the username and password for the RDP connection by trying different combinations until the correct one is discovered. Once it is found, they gain remote access to the target computer on the network.
Work from Home behavior in Thailand
According to the survey on Thai work from home behavior, 42.72% of respondents claimed they worked from home during COVID-19, while 34.45% used a hybrid approach (working from home and at work). Working from home seems an ideal choice if you want to be safe. But everything didn't go as smoothly as planned. 62.08% of home workers admitted that their devices were unequipped and inconvenient to use, while 45.97% experienced delay in communications.
In Thailand, the majority of desktop computers (80.7%) are installed with Microsoft OS and these have been the devices heavily relied upon by employees working remotely during on and off lockdowns since the pandemic began.
“This health crisis has clearly expedited digital transformation and the merging of our professional and personal life. Employees are now actively leading the way in accepting changes in pursuit of greater freedom and flexibility, using technology to own a new future. Companies must now adapt and restructure the modern workplace to make it more productive, sustainable, and most importantly, secure,” says Chris Connell, Managing Director for Asia Pacific at Kaspersky.
As working from home is here to stay, Kaspersky recommends employers and businesses to take all possible protection measures:
• At the very least, use strong passwords.
• Make RDP available only through a corporate VPN.
• Use Network Level Authentication (NLA).
• If possible, enable two-factor authentication.
• If you don’t use RDP, disable it and close port 3389.
• Use a reliable security solution.
Companies need to closely monitor programs in use and update them on all corporate devices in a timely manner. This is no easy task for many companies at present, because the hasty transition to remote working has forced many to allow employees to work with or connect to company resources from their home computers. Our advice is as follows:
• Provide training on basic cyber hygiene to your employees. Help them to identify the most common types of attacks that occur in the company, and provide basic knowledge in identifying suspicious emails, websites, text messages.
• Use strong, complex and different passwords to access every company resource
• Use Multi-Factor Authentication or two-factor authentication especially when accessing financial information or logging into corporate networks.
• Where possible, use encryption on devices used for work purposes.
• Enable access to RDP through a corporate VPN
• Always prepare for backup copies of critical data.
• Use a reliable enterprise security solution with network threat protection such as Kaspersky Endpoint Security for Business
Published : November 24, 2021
By : THE NATION