September 20, 2020

Kaspersky says RDP brute-force attacks increased at the start of COVID-19


Because of the coronavirus epidemic, companies in many countries and regions are now implementing remote work, and the growth of remote work naturally increases the use of Microsoft's Remote Desktop Protocol (RDP).

However, hackers are also targeting RDP to infect devices through brute-force attacks. RDP brute-force attacks are not new, but their number has increased significantly. The increase is likely related to the recent surge in the use of RDP.


According to monitoring data from the well-known security company Kaspersky, before March 2020 there were about 150,000 RDP brute-force attacks a day.

By mid-March, the number of brute-force attacks had increased sharply to 500,000, and by the end of March it exceeded 900,000 and was still growing.

Kaspersky observed that attack activity correlated positively with how heavily a country was affected by the epidemic. For example, China, Italy, Germany, and France saw more attacks than other countries.

Recently, the United States has become the country with the largest number of new coronavirus infections in the world. After home isolation policies were implemented, the use of RDP in the United States surged.

Correspondingly, there were only 200,000 RDP brute-force attacks in the United States before March, more than 800,000 in mid-March, and 1.4 million in April.

The most critical thing for enterprises is to guide employees to use strong passwords, because a brute-force attack works by repeatedly trying various weak passwords.

If you use a weak password, it is likely to be cracked and cause a security threat. If you use a strong password, the difficulty of cracking increases dramatically.

It is also recommended that companies require employees to use the NTLM authentication protocol, which will help improve the security of RDP and RDS against brute-force attacks.