Recently, the cyberattacks are at their peak; RDP Brute-Force attacks have increased by more than 100k, as hackers are constantly attempting it for remote hacks. These attacks have increased mainly in this lockdown period due to the severe COVID-19 pandemic.
During this COVID-19, the way of doing work has changed, as people are working from home online. As this situation has affected the whole world, so, the employees are forced to work from home and do most of the work remotely.
Since most of the employees around the world are working as remote workers, they are the primary victims who get affected by the cybercriminals, mainly the ransomware operator, who always keeps an eye on their daily work and shift.
Daily more than 100k RDP Brute-Force attacks
The rapid surge in remote workers has given the attacker to exploit the all-new opportunity and improve their illegal earnings. According to the ESET security firm report, these attacks are increasing rapidly, and they informed that hackers attempt more than 100k RDP brute-force attacks for remote hacks.
Cybercriminals had made personal devices as their primary instrument so that they can easily connect to the working environment through remote desktop service or Windows Remote Desktop Protocol.
This is a golden opportunity for cybercriminals, they did not waste any time, and they increased the number of RDP based brute-force attacks.
To gain access to the network, hackers deploy their malware, and these attacks have increased by more than 100,000 in April and May. The company affirmed that hackers are focusing on the RDP services so that the hackers can deploy their malicious tools for decrypting the company data.
Configure Remote Access Correctly
To configure the remote access correctly, we have to follow some necessary steps that we have mentioned below:-
- Disable the internet, following the RDP, or you can minimize the number of users.
- You need to have a complex and secure password.
- Use an additional course of authentication.
- Install a VPN to break all RDP connections.
- Disallow all external connections to local machines on any RDP port.
- Actively protect your endpoint security.
- If there is any insecure or outdated computer, then isolate them.
- Use FTP, SMB, SSH, SQL, TeamViewer, VNC for best practices.
Here are the common synopses following an RDP compromise can accommodate:-
- Remove evidence of the previous attack, clear the log files.
- Download and runs the tools and the malware that are used by the attackers on the compromised system.
- Disable the scheduled backups and all the shadow copies, or you can erase them, and exfiltrate the data from the server.
Therefore, the firm asserted that they would support the RDP by using strong, unique passwords for all accounts that are accessible through RDP and providing an additional layer of authentication that is the two/multi-factor authentication.