On Wednesday, Kaspersky Labs reported a massive jump in brute force attacks against Microsoft’s Remote Desktop Protocol (RDP). In February and the beginning of March, about 250,000 brute force attacks occurred per day. By mid-April, that number leaped as high as 1.4 million. That’s nearly a 560% increase in less than 2 months. These numbers only represent the United States. France, Germany, Italy, Russia, and Spain all saw similar increases as well.
What is a Brute Force Attack?
Phishing attacks hope you don’t realize they’re attempting to fool you. Malware opens backdoors for hackers. Meanwhile, brute force attacks work completely differently. The name implies someone breaking down the door into your system. In reality, they just unlock the door, open it, and walk inside.
That analogy may oversimplify the process a little. Actually, the hacker had been sitting outside the door with a massive truckload of keys. They attempted to unlock the door with each key one-by-one. Eventually, they find a key that unlocks the door. And then they walk inside. Brute force attacks play the numbers game. Use enough username and password combinations, and you’re bound to find one that works eventually.
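The "truckload of keys" pattern is visible in logon records as a burst of failures from one source, usually across many usernames. The sketch below is an added example, not from Kaspersky or the original article; it flags that pattern in simplified Windows Security events. The record fields (`time`, `event_id`, `logon_type`, `ip`, `user`), the threshold and the window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 is RemoteInteractive (RDP); with Network Level Authentication
# the credential check is logged as type 3 (Network), so both are counted.
FAILED, SUCCESS = 4625, 4624
RDP_LOGON_TYPES = {3, 10}

def find_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logons inside a sliding window.

    threshold and window are illustrative assumptions; tune them per environment.
    """
    recent = defaultdict(deque)  # ip -> (time, user) failures still inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == FAILED:
            q = recent[ip]
            q.append((ev["time"], ev["user"]))
            while ev["time"] - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"max_failures": 0, "users": set(), "success_after": False})
                f["max_failures"] = max(f["max_failures"], len(q))
                f["users"].update(user for _, user in q)
        elif ev["event_id"] == SUCCESS and ip in findings:
            # A logon that succeeds after a flagged burst means a key finally fit.
            findings[ip]["success_after"] = True
    return findings

def sample_events():
    """Constructed records (not real data): one noisy source, one user who mistyped."""
    t0 = datetime(2020, 4, 15, 9, 0, 0)
    names = ["admin", "administrator", "user", "test", "backup", "scanner"]
    events = [{"time": t0 + timedelta(seconds=5 * i), "event_id": FAILED, "logon_type": 3,
               "ip": "203.0.113.7", "user": names[i % len(names)]} for i in range(12)]
    events.append({"time": t0 + timedelta(seconds=70), "event_id": SUCCESS,
                   "logon_type": 10, "ip": "203.0.113.7", "user": "backup"})
    events += [{"time": t0 + timedelta(minutes=m), "event_id": FAILED, "logon_type": 10,
                "ip": "198.51.100.20", "user": "jsmith"} for m in (0, 30)]
    return events

if __name__ == "__main__":
    for ip, f in find_bruteforce(sample_events()).items():
        print(ip, f["max_failures"], sorted(f["users"]), f["success_after"])
```

A source flagged with `success_after` set deserves the fastest response, since it indicates a guessed credential rather than only noise.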
Why the Sudden Increase?
The jump began in March, a timing that coincides perfectly with the start of the coronavirus lockdowns and people shifting to working at home. With everyone working from home right now, attackers have a never-ending list of targets.
According to Kaspersky Labs, “As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks.”
We already knew cybercriminals were targeting remote users during COVID-19. Last week, we learned that COVID phishing attacks rose an incredible 4300% in March as well. The target of these brute force attacks has mostly been Microsoft’s RDP. RDP is used to remotely connect to Windows computers. If an attacker manages to find a poorly secured RDP server, it could mean a breach of massive proportions.
RDP isn’t the only platform at risk. In 2019, Kaspersky reported on 37 different vulnerabilities found in VNC, another remote access system. Many of those vulnerabilities have yet to be fixed.
Recommended Protection Measures
Many will likely continue working from home for some time. Hackers aren’t going to stop their attacks. Kaspersky recommends the following to protect your systems from brute force attacks.
- At the very least, use strong passwords.
- Make RDP available only through a corporate VPN.
- Use Network Level Authentication (NLA).
- If possible, enable two-factor authentication.
- If you don’t use RDP, disable it and close port 3389.
- Use a reliable security solution.
- Monitor programs and update them regularly.
- Train employees in basic digital security.