Remote workers now the favorite of cybercriminals

    Attacks against remote access protocols reach 409 million worldwide,
    200M in Southeast Asia

    OVER a year ago, enterprises and workforces globally shifted from working in the office to working from home. Employees and executives both had to make remote work a norm in order to continue operations.

    This forced digitalization was a welcome development. It taught companies that the new world order may not need an office space, and working at pace from anywhere has quickly become acceptable to workers who can do it.

    However, with little time to make the transition, many companies had no time to enact proper security measures, leaving them vulnerable to a number of new security risks. Cybercriminals took advantage of this situation, and remote work is now a new favorite target, with attacks that, according to security experts Kaspersky, play on the vulnerability of the security protocols used by employees to access corporate resources remotely.

    “Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” Dmitry Galov, security expert at Kaspersky, comments.

    Accessing computers from outside the office using RDP (Remote Desktop Protocol) is the most popular tool for remote work. RDP is used to access Windows workstations or servers from a distance. Established remote desktop protocols are normally safe, but because of the various elements in between the office and the home, especially those involving employees’ sensitivities or knowledge about security and security processes, remote working can become, and has become, vulnerable.

    Case in point.

    After the switch to remote work, Kaspersky reported that brute force attacks against this protocol skyrocketed.

    Attackers test different usernames and passwords until the correct combination is found—and they gain access to the corporate resources.
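
    The pattern described above, many failed logons from one source followed by a success, can be spotted in Windows Security logs. The following is an added example, not code from the article or from Kaspersky: it counts failed logons (event 4625) per source IP in a sliding window and notes a later successful logon (event 4624). The record layout, threshold, window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 is RemoteInteractive (RDP); with NLA enabled, failed RDP
# logons are typically recorded as type 3 (Network), so both are counted.
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    recent = defaultdict(deque)  # source IP -> failure times still in window
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "flagged": False, "success_after": None})
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # e.g. console logons (type 2) are out of scope
        s = stats[ip]
        if event_id == 4625:
            s["failures"] += 1
            s["users"].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold:
                s["flagged"] = True
        elif event_id == 4624 and s["flagged"] and s["success_after"] is None:
            s["success_after"] = user  # a guess may have worked: escalate
    return {ip: s for ip, s in stats.items() if s["flagged"]}

# Constructed sample records (not real telemetry), RFC 5737 documentation IPs.
T0 = datetime(2021, 3, 1, 9, 0, 0)
def _ev(sec, event_id, logon_type, ip, user):
    return (T0 + timedelta(seconds=sec), event_id, logon_type, ip, user)

SAMPLE_EVENTS = [
    _ev(0, 4625, 3, "203.0.113.50", "admin"),
    _ev(8, 4625, 3, "203.0.113.50", "administrator"),
    _ev(15, 4625, 3, "203.0.113.50", "jsmith"),
    _ev(23, 4625, 3, "203.0.113.50", "jsmith"),
    _ev(31, 4625, 3, "203.0.113.50", "jsmith"),
    _ev(52, 4624, 10, "203.0.113.50", "jsmith"),  # success after the burst
    _ev(20, 4625, 3, "198.51.100.7", "mlee"),     # ordinary mistyped password
    _ev(45, 4625, 3, "198.51.100.7", "mlee"),
    _ev(70, 4624, 10, "198.51.100.7", "mlee"),
    _ev(30, 4625, 2, "-", "kiosk"),               # local console, ignored
]

for ip, s in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
    print(ip, s["failures"], sorted(s["users"]), s["success_after"])
```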

    According to Kaspersky’s telemetry, when the world went into lockdown in March 2020, the total number of brute force attacks against RDP jumped from 93.1 million worldwide in February 2020 to 277.4 million in March 2020, a 197 percent increase. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November.

    In February 2021, there were 377.5 million brute-force attacks—a far cry from the 93.1 million observed at the beginning of 2020.

    Over the past year, while the total number of brute force attacks has ebbed and flowed, they have continued to increase when compared to pre-pandemic levels.

    “That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access,” Galov explained.

    Nearly 600,000 RDP attacks per day targeted remote workers in Southeast Asia

    Southeast Asia (SEA) was among the first regions battered by the COVID-19 pandemic.

    When the region implemented strict measures and border controls a year ago, enterprises and organizations began to shift to remote work, learning, and more. This, in turn, invited the attention of cybercriminals in a region where security awareness is quite low.

    Kaspersky’s telemetry showed a trend: a slow but steady increase in the number of attacks against RDP being used in the region, peaking in September 2020 with 31,019,009 brute force attacks. Overall, the global cybersecurity company blocked a total of 214,054,408 RDP exploits in SEA.

    In the Philippines, the highest number of attempted attacks against RDP was recorded in August 2020 (1,306,318). A total of 6,979,713 attacks against RDP in the country were blocked by Kaspersky in 2020.

    “On a daily average, our solutions foiled almost 600,000 RDP brute force attacks here in Southeast Asia last year. Our latest numbers also showed that cybercriminals are not interested in taking a break. In the first two months of 2021, we’ve already detected more than 65 million attempts to exploit this remote working tool, which is 30% of 2020’s total incidents,” Chris Connell, Managing Director for Asia Pacific at Kaspersky, explains.

    The solutions to combat RDP attacks seem to be simple. Aside from employee training on security in remote working conditions, Kaspersky experts recommend that companies enable access to RDP through a corporate VPN, use Network Level Authentication (NLA) when connecting remotely, and enable multi-factor authentication.

    Many companies in Southeast Asia attest to the effectiveness of a corporate security solution empowered with network threat protection such as Kaspersky Endpoint Security for Business.

    “The sheer number of attacks we’ve identified and we continue to monitor paints a worrying picture of the increasing vulnerability employees working from home are exposed to. The pandemic’s second and third waves are still happening, unfortunately, so we see that remote work is here to stay at least for a long while. We call on business owners, from the largest enterprises to small and medium businesses, to consider putting up basic endpoint solutions and utilize adaptive training to repel these malicious attempts online,” Connell adds, explaining how Kaspersky currently gives discounts for its latest Kaspersky Endpoint Detection and Response Optimum (KEDRO) solution.

    This special deal on the comprehensive tool is available to new and existing customers, valid on 10-999 nodes across the region, until June 30, 2021. Customers can get up to 33% in savings for a 1-year license, and up to 40% for three years.