Big jump in RDP attacks as hackers target staff working from home

Researchers at ESET detected billions of cyberattacks attempting to take advantage of people working remotely - and cyber criminals aren't letting up yet.
Written by Danny Palmer, Senior Writer

There's been a huge increase in cyber criminals attempting to perform attacks by exploiting remote login credentials over the last year, as many employees continue to work from home.

Working from home has become a necessity for many and it's only by remotely logging in to corporate VPNs and application suites that people are able to continue to do their jobs.

However, the rise in remote working has provided cyber criminals with a greater opportunity to slip into networks unnoticed by using legitimate login credentials – whether they are phished, guessed or otherwise stolen. By using legitimate login details instead of deploying malware, it's easier for attackers to go about their business without being detected.

According to researchers at cybersecurity company ESET, that ease has led to a 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020. In total, ESET detected 29 billion attempted RDP attacks across the year, as cyber criminals attempt to exploit remote workers.

In some cases, RDP ports are even misconfigured, providing attackers with even greater access to networks.

Either way, RDP attacks can be used to infiltrate networks to examine and steal sensitive information, and they can also be used as a means of gaining enough access to the network to deploy ransomware.

This is all in environments that might be less protected than they would be if employees were working from within the office, rather than working remotely.

"RDP attacks are focusing on technology not on the human beings, thus require less handiwork from the attackers. Misconfigured RDP in many cases leads to valuable resources, such as company servers or devices with admin rights, that represent a springboard for further, often network-wide, compromises," Ondrej Kubovič, security awareness specialist at ESET, told ZDNet.

The ESET report notes that there was a drop-off in RDP attacks during December, something that it attributes to cyber criminals taking time off over Christmas. But it's expected that 2021 will continue to see cyber criminals attempting to use RDP attacks to break into corporate networks, especially as employees continue to work remotely.

However, there are actions that organisations can take to make it much more difficult for cyber criminals to successfully compromise the network with RDP attacks.

IT security teams should encourage users to use strong passwords that are difficult to guess with brute force attacks. That password shouldn't be used for any other accounts in order to lower the risk of compromise as a result of the password being leaked or breached elsewhere.

Applying two-factor authentication across the network will also go a long way to preventing cyber criminals conducting successful RDP attacks, as it's much harder to get hold of the extra layer of verification needed to access accounts.

Ensuring that users are using the latest versions of operating systems and software by having a solid patching strategy in place can also provide an additional layer of defence against attempted attacks.

