Brute force attacks on RDP devices have ‘rocketed’ with increase in home working: Kaspersky

Infosec pros are being warned to make sure Windows systems are locked tightly down after evidence emerged that generic brute force attacks on computers and servers allowing access through Microsoft’s remote desktop protocol have recently skyrocketed.

In a report released Thursday, security vendor Kaspersky Labs said that since the beginning of March — roughly when organizations began insisting people work from home due to the COVID-19 pandemic — hackers’ attempts to force their way into Windows systems through brute force credential attacks have jumped significantly.

“As far as we can tell, following the mass transition to home working, they [attackers] logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks,” the report says.

Brute force attacks can be based on combinations of random characters or a dictionary of popular or compromised passwords, it adds.

The numbers released cover seven countries: The U.S., Italy, Germany, Spain, France, Russia and China.

In the U.S. there was a leap around March 10, followed by a huge spike on April 6. By comparison, the jump that started around March 10 in China has steadily grown.

RDP brute force attacks in U.S. Chart by Kaspersky

Kaspersky says administrators who allow RDP to be used should:

  • at the very least verify that employees use strong passwords;
  • make RDP available only through a corporate VPN;
  • use Network Level Authentication (NLA);
  • if possible make employees use two-factor authentication;
  • if you don’t use RDP, disable it and close port 3389.
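
The host-side items in this list (whether RDP is enabled, whether NLA is required, which port listens, and whether the firewall exposes it to any address) can be read directly from a Windows machine. The following read-only audit is an added example, not taken from the Kaspersky report; it assumes an elevated PowerShell session and an English-language system, where the built-in firewall rule group is named 'Remote Desktop'.

```powershell
# Added example: read-only audit of the RDP settings named in the list above.
# Assumption: English-language Windows, so the firewall group is 'Remote Desktop'.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections: 1 = RDP disabled, 0 = RDP enabled
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication: 1 = NLA required (a missing value is treated as not required)
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
# PortNumber: the RDP listener port, 3389 by default
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

$findings = @()
if ($deny -ne 1) {
    if ($nla -ne 1) {
        $findings += 'RDP is enabled but Network Level Authentication is not required'
    }
    # Enabled inbound rules in the Remote Desktop group that accept any source address
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound `
                 -Enabled True -ErrorAction SilentlyContinue
    foreach ($r in $rules) {
        $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings += "Firewall rule '$($r.DisplayName)' accepts any remote address; restrict it to the VPN range"
        }
    }
}

# Is anything actually listening on the configured RDP port?
$listening = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

[pscustomobject]@{
    RdpEnabled  = ($deny -ne 1)
    NlaRequired = ($nla -eq 1)
    Port        = $port
    Listening   = [bool]$listening
    Findings    = $findings
}
```

Password strength, VPN-only access and two-factor authentication are enforced elsewhere (directory policy, the VPN gateway, the identity provider) and are not visible to this host-level check.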

Admins who use a different remote-access protocol still cannot relax, says Kaspersky: at the end of last year, its researchers found 37 vulnerabilities in various clients that connected via the VNC protocol, which, like RDP, is used for remote access.

In addition, the report urges infosec leaders to remind employees of the basics of digital security, including their responsibility to update the software on personal devices that connect to the corporate network. If possible, make them install security solutions on those personal devices.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
