Posted on May 21, 2020
Businesses today are facing unprecedented challenges: Economies that are wobbly, full workforces who are suddenly working from home, uncertainty as to how and when business can go back to normal (and just what “normal” will mean) – and concern about possible “second wave” events. As if all that was not enough, many companies are experiencing cyberattacks enabled by the very technology that enables their newly remote workforce to continue their work. Brute force attacks on RDP-based remote access methods have reached all-time highs, as cybercriminals exploit vulnerabilities for their own gain.
RDP (Remote Desktop Protocol), a proprietary network communications protocol developed by Microsoft, allows a user to remotely access another computer graphically. Many vendors besides Microsoft provide RDP-based clients as well.
Brute force attacks targeting RDP in the US averaged 256,000 per day in January and February 2020. By March 12, attacks surged to over 800,000 per day. That represented a shocking new level of attacks — until early April when brute force attacks on RDP ports peaked at over 1.4 million each and every day.
Three factors make RDP remote access methods particularly attractive for cyberthieves to exploit now:
All of this means that potential targets are more numerous, more identifiable and easier – and cheaper – to exploit than they were just a short while ago. In fact, a batch of usernames and passwords for brute force attacks can cost as little as $20 on the dark web.
Recent reports that TrickBot malware has been upgraded to brute-force RDP accounts are clear indications of the growing popularity of RDP attacks.
RDP may present ripe opportunities for cybercriminals, but it is the potential for significant rewards that makes those opportunities attractive to exploit.
Criminals may have diverse objectives for their attacks:
There are several things you can do to avoid becoming a victim of an RDP-based brute force attack:
Of course, the best way to avoid RDP-based attacks is to use a secure application and remote desktop access solution that prevents RDP from being exposed. Choose a clientless solution like Ericom Connect that can be installed quickly, easily and from a remote location, even on target desktops, so admins can also work in the safety of their own homes. Browser-based access to remote desktops cuts learning curves for users, who work just as they do in the office, only via a browser. Make sure that the solution is highly scalable and supports all the security features recommended above – multifactor authentication, single sign-on and integration with VPNs.
Criminals see crises as opportunities – after all, especially in black swan events, there will be many organizations that respond in ways that expose them to risk.
Now that most businesses are past the initial shock, it's time to step back, reassess, and seek a robust remote access solution that not only allows all users to access the resources they need, but allows them to do so in a way that is comfortable for users, easy for IT, and keeps valuable organizational resources safe from the hackers who are ready to attack. There is no time like the present to migrate to the most secure remote access methods – a secure remote desktop solution like Ericom Connect.