Enormous Growth in RDP Attacks as Hackers Targeting Employees Working From Home

Cybercriminal attacks have increased sharply, and RDP attacks topped the list in 2020, as cybercriminals continuously adopt new attack methods that exploit remote login credentials.

The attack rate has increased over the last year, as many employees started to work from home due to the Covid-19 situation. The cybersecurity firm ESET recorded a 768% increase in RDP attacks between Q1 and Q4 2020.

Banking Malware and Backdoors

LATAM banking trojans appear to be cooperating closely. Researchers who have studied these trojans over the long term found that the families share a great number of common characteristics.

Since 2019, the experts have noticed that various Latin American banking trojans have begun targeting European countries, mainly Spain and Portugal. Moreover, there is an additional common feature: “the hackers are using similar spam email templates in every attack.”

Backdoors: The ESET Research group has found a modular backdoor identified as ModPipe. This backdoor allows threat actors to access all the sensitive information on devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS.

APT Groups Involved 

  • XDSpy
  • Lazarus group
  • Turla
  • InvisiMole group 
  • Winnti Group

More on privacy 

As noted above, RDP attacks increased vastly over the last year because employees started working from home.

ESET's security researchers identified 29 billion attempted RDP attacks across the year, as cybercriminals attempt to exploit remote workers.

There are many cases where RDP ports are misconfigured, giving threat actors greater access to networks. The ESET report also notes a drop-off in RDP attacks in December.

There are steps organizations can take to make it more difficult for threat actors to successfully compromise the network with RDP attacks.

According to the experts' report, 2021 is expected to see cybercriminals continue attempting to use RDP attacks to break into corporate networks, particularly as employees continue to work remotely.

That’s why IT security teams should help every user choose strong passwords that are very hard to guess with brute-force attacks.

The password a user chooses shouldn’t be used for any other accounts, in order to minimize the risk of compromise. More importantly, users must run the latest versions of operating systems and software by adopting a solid patching strategy.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.