Based on Kaspersky’s telemetry, brute-force attacks versus Remote Desktop Protocol (RDP) among its users in the Philippines showed an increase of 98.41% in the first half of 2021 compared to the same period in 2020.
From January to June 2021, a total of 4,877,645 attempted attacks against users of Kaspersky solutions in the country with Microsoft’s RDP installed in their desktops were recorded. This is in contrast to 2,458,364 attacks from January to June last year.
Data showing brute-force attacks vs users of Kaspersky solutions in the Philippines from January-June 2020 and January-June 2021
A brute-force attack is a way to guess a password or encryption key by systematically trying all possible combinations of characters until the correct one is found. The RDP is Microsoft’s proprietary protocol (set of rules or procedures for transmitting data between computers through a network) used to control servers and remotely connect to other computers running Windows.
A brute-force RDP attack targets a device running Windows (definitely using RDP) and tries to find a valid RDP login or password pair. If successful, it allows an attacker to gain remote access to the targeted host computer.
In the Philippines, the majority of desktops are installed with Microsoft OS and these have been the devices heavily relied upon by employees working remotely while Metro Manila and other key provincial cities were put into on and off lockdowns since the pandemic began.
As early as March 2020, Kaspersky researchers have observed a skyrocketing increase in cybercriminal activity, particularly attacks against corporate resources when remote work was hastily pushed among employees worldwide.
“The hurried mass transition to home working has given cyber attackers this logical conclusion that poorly configured RDP servers would surge and then we saw the number of attacks shoot up tremendously. Now that remote work is projected to be the next step as the future of business evolves, it would be to every company’s advantage to pay attention to establishing and improving their cybersecurity policies. Attacks on remote-access infrastructure, including collaboration tools, are unlikely to stop any time soon so we call on businesses and employees to look into securing their work-from-home set-up better,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Companies whose workforce are using RDP are strongly urged to help their remote staff work safe by taking possible protective measures such as:
- Use strong passwords.
- Make RDP available only through a corporate VPN.
- Use Network Level Authentication (NLA).
- Enable two-factor authentication, if possible.
- Disable RDP if not using it and close port 3389.
- Use a reliable security solution. The Kaspersky Total Security (KTS) has the High-Tech Protection feature for advanced scanning to detect fileless malware and Zero-Day threats as well as the Extended Protection beneficial for securing the WI-FI network and peripherals.
The High-Tech Protection in KTS informs the home computer user about malicious web address and their threat level, prevents questionable apps from accessing critical system processes and user’s personal data, and it triggers screen alerts when a user attempts to visit dangerous sites.
Meanwhile, the Extended Protection feature included the Password Manager which generates strong passwords to protect a user’s account privacy and secures the password, bank card details, and confidential documents. With Extended Protection, incoming traffic activity is scanned and upon detecting an attack, network activity is blocked. Users will also benefit from the Keylogger Protection feature of KTS that automatically stops keyloggers from recording a user’s keystrokes on a Windows PC to protect any private information entered on the keyboard.
Apart from its reliable Anti-Virus defense for neutralizing malware, KTS also has a strong Anti-Hacking feature to prevent unauthorized access and hacker attacks against a user’s PC and mobile devices.
Going close to two years into the pandemic, home computers used for remote work are still below corporate cybersecurity standards and Kaspersky shares a few more tips for companies to seriously consider:
- Give employees training in the basics of digital security
- Use different strong passwords to access different corporate resources.
- Update all software on employee devices to the latest version.
- Use encryption on devices for work purposes where possible.
- Make backup copies of critical data.
- Install security solutions on all employee devices, as well as solutions for tracking equipment in case of loss.