UAE, December 20th 2020: There has been a worldwide, involuntary shift to relying on digital platforms and tools to work and carry out other aspects of our lives over the past year. The new stay at home way of living has resulted in organisations adjusting their corporate networks and led to the emergence of new threats, as well as the strengthening of existing ones. This does not necessarily mean that the total number of identified attacks grew in 2020, yet their redistribution is clear. Kaspersky researchers discovered a 242% growth of brute force attacks on remote desktop protocols (RDP) globally compared to last year and 1.7 million unique malicious files disguised as apps for corporate communication appeared. Both of these findings reflect how attackers are putting their efforts into targeting users that work from home. As a comparison, the number of brute force attacks on remote desktop protocols grew by 177% in the UAE. These and other findings have been covered by Kaspersky researchers in the company’s ‘Story of the year: remote work’ report.
Having to move employees to working from home in such a short space of time opened up new vulnerabilities that cybercriminals were quick to target. The volume of corporate traffic grew, and users swiftly moved to using third-party services to exchange data, and work via potentially insecure Wi-Fi networks.
Another headache for information security teams is the increased number of people using remote-access tools. One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP. Computers that have been made available to remote workers and incorrectly configured grew in number during the first wave of lockdowns across the globe, and so did the number of cyberattacks on them. These attacks were usually attempting to brute-force a username and password for RPD. A successful attempt resulted in cybercriminals gaining remote access to the target computer in the network.
Since the beginning of March, the number of Brute-force RDP detections has skyrocketed, resulting in the total number detected in the first eleven months of 2020 growing by 2.8 times compared to the number of the same type of attacks in 2019. Overall, 15.6 million attacks on Remote Desktop Protocols were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 5.6 million of these attacks worldwide.
While there is a lot of responsibility on employers to keep corporate devices and networks secure, Kaspersky is also offering the following recommendations for consumers and workers during their time at home:
- Ensure your router works smoothly when transmitting Wi-Fi to several devices simultaneously, even when multiple workers are online and there is heavy traffic.
- Set up strong passwords for your router and Wi-Fi network.
- If you can, only do work on devices provided by your employer. Putting corporate information on your personal devices could lead to security issues.
- Do not share your work account details with anybody else.
- In order to protect personal devices, use a reliable security solution such as Kaspersky Security Cloud that safeguards your privacy, data and financial assets with a comprehensive set of tools and features, including a VPN, payment protection, PC cleaning, blocking unauthorized access to webcams, file encryption, password storage, parental control and more.