ESET reported that brute-force attacks rose to 100 thousand per day as companies moved to the “home office” mode.
According to company representatives, before the changes caused by the pandemic, most organizations worked under the control of their IT departments. Now many give employees remote access to the corporate network and sensitive data from home devices using RDP (Remote Desktop Protocol).
As a result, a security gap opens up. Employees often use weak passwords that are easy to guess, which makes the network even more vulnerable to cybercriminals. The problem is worse when there is no additional protection in the form of two-factor authentication.
According to ESET telemetry, most of the blocked IP addresses in January-May 2020 were detected in the USA, China, Russia, Germany, and France. Russia ranked first in terms of the number of unique attacks detected by ESET. Next in the ranking are Germany, Japan, Brazil, and Hungary.
But unauthorized access to an organization's systems is only the first step, followed by more serious actions by cybercriminals. RDP has therefore become a popular attack vector, especially among groups involved in spreading ransomware. Attackers often try to infiltrate a poorly protected network, gain administrator rights, disable or remove security solutions, and then run malware to encrypt sensitive corporate data.
In addition, criminals can install a crypto miner and create a backdoor (a defect that is deliberately built into the program and allows unauthorized access), which will work even if unauthorized access to RDP is detected and terminated.