aspersky, a global cybersecurity company, recently reported a drop in Bruteforce attacks against remote workers in Southeast Asia (SEA). While this is positive news, Kaspersky warns that it is too early for businesses to become complacent. Bruteforce attacks are attempts to find a valid login and password combination by systematically checking all possible passwords until the correct one is found. Remote Desktop Protocol (RDP) is a popular target for these attacks, as it allows users to remotely control servers and other PCs.
Kaspersky’s telemetry shows that its B2B solutions blocked a total of 75,855,129 Bruteforce.Generic.RDP incidents targeting companies in SEA last year, a 49% dip from 2021’s 149,003,835 Bruteforce attacks. However, companies in Vietnam, Indonesia, and Thailand were still targeted the most. Kaspersky attributes the decline in attacks to the shift to either a pure face-to-face or a hybrid remote environment, resulting in fewer remote workers.
However, Kaspersky warns that it is still too early to proclaim total safety from Bruteforce attacks. Its experts see more modern ransomware groups exploiting RDP to gain initial access to targeted enterprises, and Kaspersky’s recent report identified exploiting external remote services as the most common technique used by ransomware groups to gain initial access.
Kaspersky recommends protecting against RDP-related attacks by hiding it behind a VPN and properly configuring it, as well as using strong passwords. To reduce the risk and impact of a ransomware attack caused by RDP Bruteforce, Kaspersky suggests deploying a comprehensive defensive concept, such as the Kaspersky Extended Detection and Response (XDR) platform, which equips, informs, and guides teams in their fight against the most sophisticated and targeted cyberattacks.
11 April 2023