Despite advancements in cybersecurity technology, brute-force attacks continue to pose a significant threat to businesses in Southeast Asia. According to a report from global cybersecurity company Kaspersky, over 23 million brute-force attacks targeting businesses in the region were blocked in the first half of 2024.
Brute-force attacks, a tried-and-true method for cybercriminals, involve systematically guessing login information, encryption keys, or hidden web pages by trying all possible character combinations until the correct one is found. Successful attacks can lead to data breaches, malware infections, and system hijacking for malicious activities.
Kaspersky’s report reveals that the majority of these attacks targeted the Remote Desktop Protocol (RDP), a tool commonly used for remote access to computers and servers. “A Bruteforce.Generic.RDP attack attempts to find a valid RDP login / password pair by systematically checking all possible passwords until a correct one is found,” explains the report. “When successful, it allows an attacker to gain remote access to the targeted host computer.”
Vietnam, Indonesia, and Thailand were the top three countries targeted by these attacks, registering over 8.4 million, 5.7 million, and 4.2 million attacks respectively. Singapore, the Philippines, and Malaysia also experienced a significant number of brute-force attacks, though to a lesser extent.
“Although it is an old method, organisations must not underestimate a bruteforce attack,” warns Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. “This threat is still relevant for the region because many organisations deploy weak passwords making it easier for attackers to succeed.” He further emphasizes the risks associated with inadequate security measures, stating, “In addition to that the absence of multi-factor authentication (MFA) on RDP connections as well as misconfigured RDP settings would also increase the possibility of successful execution of a bruteforce attack.”
The report also highlights the increasing sophistication of these attacks, with cybercriminals leveraging artificial intelligence to automate and enhance the process of generating and testing passwords. “Cybercriminals are leveraging artificial intelligence to enhance the capabilities of bruteforce attacks by automating the process of generating and testing passwords, making it faster and more efficient,” says Yeo.
The consequences of a successful brute-force attack can be severe, leading to data breaches, operational disruptions, and financial losses. “Implications of corporate network breach are far heavier,” adds Yeo. “Organisations can suffer data breaches, or if systems are compromised they face operation disruptions. These would greatly impact organisations financially as they face costs of business downtime, recovery efforts and even regulatory fines.”
To combat this persistent threat, Kaspersky recommends that organizations implement a multi-layered approach to security. That starts with robust password security: enforcing strong, unique passwords for all accounts and considering the use of a password manager. Implementing multi-factor authentication (MFA) adds an extra layer of protection, particularly for critical systems and accounts. Remote access protocols like RDP should be securely configured, with limited exposure to public networks and with strong passwords and MFA enforced.
Continuous network monitoring helps detect unusual activity and allows for controlled user access to minimize risks. Employing security operations centers (SOCs) equipped with SIEM tools and advanced cybersecurity solutions enhances threat detection and response capabilities. Staying informed about the latest cyber threats and attacker tactics through threat intelligence is vital. Organizations lacking dedicated security expertise should consider subscribing to managed security services for expert-level threat detection and response.