After the switch to remote work, brute-force attacks against RDP — which is perhaps the most popular remote desktop protocol and is used to access Windows or servers — skyrocketed, reaching a new high of 409 million worldwide in November 2020, showed the research from cybersecurity firm Kaspersky.
In a brute-force attack, attackers test different usernames and passwords until the correct combination is found — and they gain access to the corporate resources.
When the world went into lockdown in March 2020, the total number of brute-force attacks against RDP jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March — a 197 per cent increase, according to Kaspersky’s telemetry.
The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020. From April 2020 onward, monthly attacks never dipped below 300 million, and they reached a new high of 409 million attacks worldwide in November 2020.
The highest number of attacks, 4.5 million in India, was recorded in July 2020, showed the data.
In February 2021 — nearly one year from the start of the pandemic — there were 377.5 million brute-force attacks — a far cry from the 93.1 million witnessed at the beginning of 2020.
India alone witnessed 9.04 million attacks in February 2021.
The total number of attacks in India from February-December 2020 was around 37 million, while the total number of attacks recorded in India during January and February 2021 are around 15 million.
“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” Dmitry Galov, security expert at Kaspersky, said in a statement.
“That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”
Enabling access to RDP through a corporate VPN and enabling use of Network Level Authentication (NLA) when connecting remotely are among the recommendations that experts offered to keep organisations safe from brute-force attacks.