Kaspersky blocks over 23M bruteforce attacks in SE Asia
Kaspersky has reported blocking over 23M bruteforce attacks aimed at businesses in Southeast Asia during the first half of 2024.
According to Kaspersky, a total of 23,491,775 Bruteforce.Generic.RDP attacks were detected and thwarted by its B2B products across companies of varying sizes from January to June. In a bruteforce attack, cybercriminals attempt to guess login credentials, encryption keys, or hidden web pages by systematically trying all possible character combinations until they gain access.
Remote Desktop Protocol (RDP) is a common target of these attacks. RDP, a proprietary protocol from Microsoft, allows users to connect to another computer over a network using a graphical interface. It is frequently used by administrators and general users for remote computer access. A successful bruteforce attack on RDP gives the attacker remote access to the targeted host machine, posing significant threats.
Vietnam, Indonesia, and Thailand recorded the highest number of RDP attacks, with over 8.4 million, 5.7 million, and 4.2 million attacks, respectively. Singapore experienced over 1.7 million incidents, the Philippines surpassed 2.2 million, and Malaysia had just above 1 million bruteforce attacks.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, highlighted the continuing relevance of bruteforce attacks despite their age. "Although it is an old method, organisations must not underestimate a bruteforce attack. This threat is still relevant for the region because many organisations deploy weak passwords, making it easier for attackers to succeed. In addition to that, the absence of multi-factor authentication (MFA) on RDP connections as well as misconfigured RDP settings would also increase the possibility of successful execution of a bruteforce attack," he stated.
He further noted the growing sophistication of such attacks through artificial intelligence: "Cybercriminals are leveraging artificial intelligence to enhance the capabilities of bruteforce attacks by automating the process of generating and testing passwords, making it faster and more efficient. Implications of a corporate network breach are far heavier. Organisations can suffer data breaches, or if systems are compromised, they face operation disruptions. These would greatly impact organisations financially as they face costs of business downtime, recovery efforts and even regulatory fines."
Kaspersky provided several recommendations for organisations to protect against bruteforce attacks. Using strong, unique passwords, considering a password manager, and implementing two-factor authentication are critical steps. Limiting exposure of remote desktop services to public networks, monitoring network access, and setting up a security operation centre using tools like Kaspersky Unified Monitoring and Analysis Platform are also advised.
The company suggests using the latest Threat Intelligence information to improve understanding of potential threats, and subscribing to managed services for organisations lacking specialised IT security functions. Finally, for very small businesses, Kaspersky Small Office Security is recommended to manage cybersecurity without an IT administrator.