Plus 250%: attacks on remote desktop protocols


Home office: attacks on remote desktop protocols in Germany increased by 252 percent. Kaspersky has recorded almost 200 million attacks on RDP in Germany. Worldwide, 1.7 million malicious files were disguised as corporate communication apps.

Since many people are working from home due to the Covid pandemic, they are increasingly using digital platforms and tools, both for professional and private purposes. This arouses the interest of cyber criminals, leads to the emergence of new threats and intensifies existing ones. Compared to the previous year, the experts at Kaspersky found an increase of 252 percent in brute force attacks on remote desktop protocols (RDP) in Germany. They also identified 1.7 million unique malicious files disguised as corporate communications apps around the world. These two results show that attackers are targeting users who work from home.

Home office opens up new points of attack

The need to enable employees to work remotely in the shortest possible time opened up new points of attack for cyber criminals. The data transfer volume of companies increased, and employees quickly switched to using potentially insecure Wi-Fi networks and third-party services for data exchange and work in general. Remote access tools remain a major challenge for corporate security teams. One of the most popular application-level protocols for accessing Windows workstations or servers is the Remote Desktop Protocol (RDP). The number of computers made available to remote employees, in some cases incorrectly configured, increased worldwide during the first lockdown, as did the number of cyber attacks on them. In the course of such attacks, attempts were usually made to obtain user names and the associated passwords for RDP using the brute force method. If this strategy was successful, the cyber criminals gained remote access to the target computer on the network.

The number of Bruteforce.Generic.RDP detections has skyrocketed since the beginning of March. As a result, the total number recorded in Germany in the first eleven months of 2020 was around 3.5 times higher than in the same period in 2019. Between January and November 2020, 200 million attacks on remote desktop protocols were detected in Germany and 3.3 billion worldwide. In the same 11-month period in 2019, there were 969 million attacks globally.

Increased use of online tools

Aside from attacks on RDP, cyber criminals quickly discovered that many home-based workers were replacing offline communication with online tools and began to exploit this for their own purposes. Kaspersky detected 1.66 million unique malicious files used under the guise of popular messenger and online conferencing applications worldwide. Once installed, these files primarily downloaded adware: programs that flood victims' devices with unwanted advertisements and collect their personal information for use by third parties. Another group, disguised as corporate applications, were downloaders: applications that are not necessarily malicious in themselves, but can download other programs, from Trojans to remote access tools.

Increase awareness of cyber threats

“This year has taught us a lot. The move to working remotely wasn't as smooth as one might imagine, especially given that we already lived in what we thought was a digitized world,” comments Dmitry Galov, security researcher at Kaspersky. “As the focus shifted to working from home, so did the focus of cybercriminals. They now geared their efforts towards benefiting from the increasing acceptance of this working model. On the one hand, I was pleased that this change took place quickly and that the working world could continue to function and the economy did not lie idle. On the other hand, however, we now also know that we all still have a lot to learn about the responsible use of technology, especially when it comes to the secure exchange of data.”

Creating awareness helps

Dmitry Galov continues: “Creating awareness of potential online dangers has emerged as one of the biggest challenges of 2020. The key here isn't that the sudden demand for online services - whether for work or grocery delivery - has increased. Many new users were people who had previously avoided exposing themselves digitally. They haven't necessarily discounted the need for cybersecurity, but have so far chosen not to use digital services. As a result, they were little informed about potential digital threats. This group of people proved to be one of the most vulnerable during the pandemic because their awareness of online dangers was very low. It seems like we've been presented with a big challenge globally and I hope this has helped raise the general awareness of cybersecurity among ordinary users.”

More on this on SecureList from Kaspersky.com

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
