All this time, because COVID-19, many Employees they were forced to move away work. This means that they are not based on the infrastructure monitored by the company. However, they continue to have access in sensitive information in the corporate network.
Thousands of brute-force attacks on a daily basis
Remote work forced many employees to use personal device to connect to the work environment, through remote desktop services. The protocol Windows Remote Desktop is the most common.
Cybercrime criminals did not miss this opportunity either increased the number of brute-force targeting RDP services. The malicious hackers want to gain access to the company's network, gain administrator privileges and develop malware.
The telemetry data recorded by the cybersecurity company ESET, from December 1, 2019, show one abrupt increase in the daily number of brute-force attacks against RDP services.
From December 2019 to February 2020, the attacks it was between 40.000 and 70.000. The upward trend began in February, when the number reached 80.000.
In April and May, the attacks reached 100.000. By this time, Catholicism had been imposed in most countries lockdown.
According to ESET, most of the brute-force attacks, between January and May 2020, came from IP addresses from USA, The China, The Russia, Germany and France. Most of them Targeted IP addresses were in Russia, Germany, the Brazil and Hungary.
ESET provides the following scenarios that could follow an RDP breach:
- Clearing log files to remove previous malicious activity
- Receiving and executing tools and malware
- Disable security copies or even delete them
- Data theft from servers
ESET says one way to avoid brute-force attacks is to deactivate the RDP connection, which can be accessed from Internet.
Of course, this must be combined with other security measures, such as the multi-factor authentication application and use of unique and strong passwords for all accounts that are accessible via RDP. Finally, increased protection is provided by installing one VPN.