Hackers attack home offices every day with millions of RDP attacks. Companies underestimate the risk of poorly secured remote access. ESET's security experts are sounding the alarm.
Since the corona-related move to the home office, the number of daily hacker attacks on remote desktop connections (RDP) in the DACH region has increased more than tenfold. In June 2020 alone, the IT security manufacturer recorded up to 3,4 million attacks within 24 hours on the digital lifeline between companies and remote employees. The attackers are concerned with both accessing data and distributing ransomware.
35 attacks per second in DACH
Germany is the “front runner” in the DACH region. Before the outbreak of the corona pandemic, ESET security experts identified around 260.000 RDP attacks in 24 hours. With the beginning of the lockdown, the number rose rapidly. In April 2020 there were around 1,7 million attacks every day. By June, these attacks had climbed to around 3 million attempts per day.
In Switzerland, the attacks on RDP have increased almost eightfold. Starting from around 30.000 in January, the maximum was 220.000 attacks per day. The steep upward trend was interrupted by the relaxation of the corona measures in May.
The researchers also recorded a similar trend in Austria. In April, an average of around 140.000 attack attempts were made every day. With the easing in May, the numbers fell briefly, only to pick up speed again in June (205.000).
RDP attacks: companies underestimate the risk
Obviously, many companies do not take the threat posed by RDP attacks seriously or cannot find any other solution. This is confirmed by the ESET economic study "Quo Vadis, company?", Which explicitly deals with the question of securing connections between companies and home offices. Here, 30 percent of the companies surveyed stated that their employees only need a password for verification when logging on to the server. Not even half of the companies let their employees access via a secure VPN connection (44 percent). Only 29 percent use two-factor authentication (2FA) to secure access. The results clearly show that there is still a lot of catching up to do when it comes to securing the network. In most cases, the remote desktop protocol will be used, especially for security with just one password.
What is the Remote Desktop Protocol?
RDP is a proprietary Microsoft protocol that is available in all versions of Windows from XP. It allows you to share and control a computer or desktop remotely. Companies can use it to fall back on an inexpensive and simple way to enable employees to work remotely. A user name and password are required to connect to an RDP server.
Tips for secure RDP connections
Companies should minimize the risks of increased use of remote access via RDP or similar services. Ideally, direct RDP access over the Internet should be disabled. If this is not possible, experts recommend limiting the number of users who can connect directly to the company's servers over the Internet.
- Only allow strong and complex passwords for all accounts that use RDP.
- Use additional verification protection using multi-factor or two-factor authentication (MFA / 2FA).
- Use a VPN (Virtual Private Network) gateway for all RDP connections from outside your local network.
- Prohibit external connections to local computers via port 3389 (TCP / UDP) or via another RDP port on the firewall.
- Protect your endpoint security solution against manipulation or deinstallation by password protection of the settings.
- Isolate any insecure or obsolete computers that require RDP access over the Internet and replace them as soon as possible.
More on this at WeLiveSecurity from ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.