Home Tech News COVID-19 pandemic increases brute force attacks on remote desktop services

COVID-19 pandemic increases brute force attacks on remote desktop services

by Tejas Dhawan

The number of daily attacks doubles between early December and early February. In May Eset even registered more than 100,000 brute force attacks on RDP connections per day. Hackers use the connections to inject malware, among other things.

The COVID-19 pandemic appears to have led to a significant increase in brute-force attacks on the Windows Remote Desktop Protocol (RDP). According to a study by Eset, hackers are taking advantage of the fact that more people are at home Office work and use their own devices to access the company network via services such as RDP.

Eset’s telemetry data shows a surge from early December 2019 – from less than 40,000 brute force attacks a day to up to 70,000. By the beginning of January, the level had dropped back to less than 60,000 attacks a day, and then by the beginning of February it had risen again to over 80,000 attacks. Since then, the number of daily attacks has increased almost continuously to more than 100,000 at the beginning of May.

According to Eset, the numbers suggest that many users rely on convenience when setting up RDP connections and set up easy-to-remember passwords, which are usually easy to guess. In addition, security measures such as a two-step registration are often dispensed with.

Most attacks originated in the United States, China, Russia, Germany and France based on their IP addresses. Most of the victims, however, come from Russia, Germany, Brazil and Hungary.

Hackers who have successfully cracked an RDP connection, according to Eset, usually use it to inject ransomware and collect a ransom. Attacks with crypto nominees and espionage programs were also registered. In addition, hackers are said to have stopped or deleted backup services and stolen data.

Eset also advises to switch off RDP connections that are accessible via the public Internet, or to protect them via a virtual private network. In a firewall, all external connections to local computers should also be prevented via port 3389 or any other RDP ports.

Webinar: Network security and network monitoring in the new normal

The Gigamon Visibility Platform is the catalyst for the fast and optimized provision of data traffic for security tools, network performance and application performance monitoring. Find out in this webinar how Gigamon solutions can increase the efficiency of your security architecture and save costs.

Related Posts

Leave a Comment