The COVID-19 pandemic caused the world to go on lockdown in March 2020, leading to a rushed transition to work from home in Southeast Asia. A year later, employees partially returned to the office, creating a hybrid work setup that has now become the new norm. While the hybrid work setup isn’t entirely new, employees are now more inclined to stick to it, and companies have come to accept it as it has proven to work fairly well for two years. However, cybercriminals have taken advantage of the situation, making it their opportunity to steal valuable data from employees’ devices.
One of the most popular remote access tools used by cybercriminals is the Remote Desktop Protocol (RDP). Originally designed as a remote administration tool, RDP allows users to access Windows workstations or servers and other device resources. It has clients available for all major operating systems, such as iOS, OS X, Linux, Unix, and even Android. Cybercriminals exploit incorrectly configured settings or vulnerabilities such as weak passwords to penetrate the target computer through RDP. This makes hacking an RDP connection very lucrative for cybercriminals.
In 2020, there was a global increase in the number of people using remote access tools, including RDP. In Southeast Asia, there were approximately 147,565,037 RDP attack attempts against Kaspersky users. When the workforce slowly started going hybrid in 2021, the RDP attack attempts increased slightly to 149,003,835. However, in 2022, when pandemic restrictions were lifted, the number of RDP attack attempts fell to 75,855,129, a drop of 49% from the previous year.
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, stated that “flexibility, agility, and openness are important to our sustainability and productivity in business. We are still evolving, and part of this evolution is the resounding desire of the workforce in Southeast Asia to stay within the hybrid setup, which boils down to our need for connection and empowerment as humans, and we need to acknowledge that.”
As employees continue to work remotely or in hybrid setups, companies must provide options and support within the cybersecurity framework for their safe return to office work in any form. For example, companies should continue using virtual private networks (VPNs) and advanced endpoint detection and response (EDR) solutions to ensure a safe return to on-site work. Additionally, organizations should restore any security controls disabled for remote workers and update internal systems to ensure that there are no unpatched servers that could pose a risk to the corporate network.
In conclusion, while the pandemic has caused many changes in the way we work, it has also created opportunities for cybercriminals to exploit. However, by following these cybersecurity action items, companies can help stressed IT security managers prioritize and ensure a safe return to the office for their employees.
12 April 2023