RDP Attacks Reached Record Levels as More Employees Continue to Work from Home

The vast majority of companies had to switch to remote work due to the Covid-19 pandemic. As life for large swaths of the population moved entirely online, cybercriminals were ready, adapting their methods and tactics to exploit the massive increase in online traffic.

Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic.

The Biggest Trends in Spam and Phishing

Phishing attacks proved to be a highly lucrative attack vector for cybercriminals. For instance, in scams involving advertisements for masks, the primary goal is stealing money and/or payment information. A phishing email advertises a mask and links to a fake landing page, where users are prompted to put in their payment details for a mask that will most likely never arrive.

Phishing Email: Fake advertisement for masks

Scammers often mimic leading authority figures on the pandemic, like the CDC and the World Health Organization, to give their emails additional authority and increase the chances that users would click a malicious link.

Upon clicking the link, users could end up unintentionally downloading a range of threats onto their computer, from various Trojans (malicious files that allow cybercriminals to do everything from deleting and blocking data to interrupting the performance of the computer) to worms (files that are capable of destroying, blocking, modifying or copying data).

An email supposedly from the CDC claiming that there is an urgent update regarding the pandemic

Remote Work and the Rise of Brute-Force Attacks

During the pandemic, very few companies had time to put the proper security measures in place. The result was that many became vulnerable to a host of new attacks as their employees began logging in to corporate resources from personal devices and on unsecured networks.

RDP is one of the most popular remote access protocols used by companies, making it a favourite target for attackers. In a brute-force attack, attackers attempt to randomly guess a username and password for the RDP connection by trying different combinations until they guess the correct one — and gain access to the confidential corporate resources.

As soon as lockdowns were announced, the number of brute-force RDP attacks radically increased, from 93.1 million worldwide in February to 277.4 million in March, a 197 percent increase. In February 2021, there were 377.5 million brute-force attacks, a far cry from the 93.1 million witnessed at the beginning of 2020.
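One way a defender can spot the brute-force pattern described above in Windows logon events, given as an added example that is not part of the original article or of Kaspersky's tooling. The comma-separated record layout, the window and threshold values, and the sample records are constructed assumptions; the event IDs and logon types are standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (network) is how failed RDP attempts commonly appear when NLA is enabled.
SAMPLE_EVENTS = """\
2021-02-01T09:00:00,4625,3,203.0.113.7,administrator
2021-02-01T09:00:05,4625,3,203.0.113.7,administrator
2021-02-01T09:00:09,4625,3,203.0.113.7,admin
2021-02-01T09:00:14,4625,3,203.0.113.7,admin
2021-02-01T09:00:20,4625,3,203.0.113.7,administrator
2021-02-01T09:00:31,4624,10,203.0.113.7,administrator
2021-02-01T09:02:00,4625,3,198.51.100.20,jsmith
2021-02-01T09:02:30,4624,10,198.51.100.20,jsmith
2021-02-01T09:10:00,4625,3,192.0.2.50,backup
2021-02-01T09:20:00,4625,3,192.0.2.50,backup
""".splitlines()

WINDOW = timedelta(minutes=5)  # assumed tuning values, adjust to your environment
THRESHOLD = 5                  # failed logons from one source inside WINDOW

def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: finding} for sources whose failure rate crosses the threshold."""
    recent = defaultdict(deque)  # source IP -> (time, account) of failures still in window
    findings = {}
    for line in lines:
        ts, event_id, logon_type, ip, account = line.strip().split(",")
        if logon_type not in ("3", "10"):
            continue  # ignore local, service and other non-remote logons
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        while failures and when - failures[0][0] > window:
            failures.popleft()  # slide the window forward
        if event_id == "4625":
            failures.append((when, account))
            if len(failures) >= threshold:
                hit = findings.setdefault(
                    ip, {"peak": 0, "accounts": set(), "success_after_burst": False})
                hit["peak"] = max(hit["peak"], len(failures))
                hit["accounts"].update(a for _, a in failures)
        elif event_id == "4624" and ip in findings and failures:
            # A success right after a burst of failures may mean a guessed password.
            findings[ip]["success_after_burst"] = True
    return findings

if __name__ == "__main__":
    for ip, hit in detect_bruteforce(SAMPLE_EVENTS).items():
        print(ip, hit)
```

A single mistyped password (198.51.100.20) and slow, widely spaced failures (192.0.2.50) stay below the threshold here; the latter shows why a rate-based rule alone misses low-and-slow guessing and should be paired with account lockout and restricted RDP exposure.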

Virtual Communication Platforms Under Attack

Internet demand reached extraordinary levels. Large companies from Facebook to Netflix to YouTube were forced to reduce their video quality to keep up with demand.

By May of 2020, the average daily number of attacks blocked by Kaspersky Web Anti-Virus had increased by 25%. The number of web attacks, after displaying a decline in the summer of 2020, reached a new peak in December as much of the world was facing a second wave of the pandemic. Meeting and messenger apps, like Zoom and Teams, became a popular lure for distributing cyberthreats.

Awareness

Certainly, the more time users spend online, the more vulnerable they are to security risks. Users must view any email or website referencing the pandemic with a skeptical eye. Businesses need to reevaluate their usage of RDP and learn how to secure remote access.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
