Computer networks are being aggressively bombarded with billions of password-guessing attacks as cyber criminals attempt to exploit the growth in remote desktop protocol (RDP) and other cloud services in corporate environments.
Cybersecurity researchers at ESET detected 55 billion new attempts at brute-force attacks between May and August 2021 alone – more than double the 27 billion attacks detected between January and April.
Successfully guessing passwords can provide cyber criminals with an easy route into networks and an avenue they can use to launch further attacks, including delivering ransomware or other malware. Once in a network, they'll attempt to use that access to gain additional permissions and manipulate the network, performing actions like turning off security services so they can go about their activities more easily.
SEE: A winning strategy for cybersecurity (ZDNet special report)
One of the most popular targets for brute-force password-guessing attacks are RDP services. The rise in remote working has led to an increase in people needing to use remote-desktop services. Many of these are public-facing services, providing cyber criminals with an opportunity to break into networks – and it's an opportunity they're eager to exploit.
The sheer number of attacks means most will be automated, but if accounts are secured with simple-to-guess or common passwords – and many are – then they can make easy pickings for attackers. Once a password has been successfully breached, it's likely an attacker will take a more hands-on approach to reach their end goal.
"With the number of attacks being in the billions, this is impossible to do manually – so these attack attempts are automated. Of course, there is always a manual aspect when cybercriminals are setting up or adjusting the attack infrastructure and specifying what types of targets are in their crosshairs," Ondrej Kubovič, security awareness specialist at ESET, told ZDNet.
In addition to targeting RDP services, cyber criminals are also going after public-facing SQL and SMB services. These services will often be secured with default passwords that attackers can take advantage of.
One of the reasons why brute-force attacks are successful is because so many accounts are secured with simple, one-word passwords. Requiring passwords to be more complex could go a long way to preventing the accounts from being breached in brute-force attacks. The National Cyber Security Centre suggests users use three memorable words as a password – something that's far more robust against brute-force attacks than a single word.
Organisations can also provide an additional layer of protection against brute-force password-guessing attacks – and other campaigns – by deploying multi-factor authentication (MFA). Using MFA means that, even if the attackers know the correct password, there's an extra barrier to prevent them from automatically being able to access the network.
MORE ON CYBERSECURITY
- Ransomware operators love them: Key trends in the Initial Access Broker space
- Cloud security in 2021: A business guide to essential tools and best practices
- Best antivirus software for 2021
- This major ransomware attack was foiled at the last minute. Here's how they spotted it
- Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target