
Cybercriminals leverage Remote Desktop Protocol for brute-force attacks

09 Feb 2021

Remote Desktop Protocol (RDP) attacks surged during 2020, and their severity should not be underestimated. That’s the word from a new report by security firm ESET.

ESET data recorded a 768% increase in RDP attacks between Q1 and Q4 2020, driven by the shift to remote working and COVID-19.

ESET chief research officer Roman Kováč explains, “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4.”

RDP attacks abuse the Remote Desktop Protocol, which enables people to log on to a Windows-based device from a remote location. It is commonly used by some technical support staff to troubleshoot issues; however, it is largely unsecured and can be co-opted by cybercriminals.

According to the report, RDP attacks per day grew by 17% in Q4, the lowest quarterly increase in 2020.

“Similarly, the volume of attack attempts on RDP continued to grow in Q4, adding another 40% compared to Q3. Albeit a large figure, this is a significant slowdown against the extreme 140% growth observed between Q2 and Q3,” the report notes.

Overall, ESET detected 29 billion RDP brute-force attempts across 770,000 unique clients for the entire year.

Other findings from the report confirm what many security firms saw in 2020 - a rise in email threats that leveraged COVID-19, particularly regarding vaccine rollouts.

“With vaccination underway, we will still likely see crooks come up with new variations of threats — such as malicious websites and apps claiming to offer information on vaccine timelines or even vaccine registration,” the report states.

Furthermore, the major takedown of 94% of servers related to the TrickBot malware also had an impact on activity. ESET head of threat research Jean-Ian Boutin notes that TrickBot activity remains low to this day.

“TrickBot has infested over a million computing devices around the world since late 2016 and we have been tracking its activities since the beginning. In 2020 alone, our automatic platform analyzed more than 125,000 malicious samples and downloaded and decrypted more than 40,000 configuration files used by the different TrickBot modules, giving us an excellent viewpoint of the different C&C servers used by this botnet.”

“In sum, from the beginning of the operation until October 18, 120 of the 128 servers identified as TrickBot infrastructure around the world were taken down.”
