
Report: Brute-force attacks feed on remote working vulnerabilities

30 Jun 2020

Brute-force attacks have risen significantly in correlation with the widespread impacts of the COVID-19 pandemic, according to ESET, which has tracked the trend by measuring the frequency with which it has blocked such attacks.

The United States, China, Russia, Germany and France topped the list of countries with the most IPs used for brute-force attacks, the cybersecurity company says.

The trend is yet another indicator of the opportunism of cyber criminals, especially ransomware operators, who are seeking to exploit the shift to remote working and the vulnerability of security infrastructures buckling under pressure.

“Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department,” says ESET security research and awareness specialist Ondrej Kubovič.

“But the coronavirus pandemic has brought a major shift to the status quo. 

“Today, a huge proportion of ‘office’ work occurs via home devices, with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP), a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers.

“Despite the increasing importance of RDP, as well as other remote access services, organisations often neglect its settings and protection,” says Kubovič.

“Employees use easy-to-guess passwords, and without additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organisation’s systems.”

Using its telemetry capabilities, ESET discovered most of the blocked IPs in January–May 2020 were seen in the United States, China, Russia, Germany and France. Countries that had the largest proportion of targeted IPs were Russia, Germany, Japan, Brazil and Hungary.

The use of RDP has been one of the major contributors to the general increase in security risk profiles for organisations with remote workforces.

It has become a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals often brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions, and then run ransomware to encrypt crucial company data.

Still other cyber attackers may instead take advantage of an unsecured RDP to create coin-mining protocols or create backdoors, which can then be used in case their unauthorised RDP access has been identified and closed.

The research from ESET comes only a week after the company reported a coordinated spear-phishing campaign which leveraged persuasive LinkedIn messaging as its lure.

The LinkedIn message describes a believable job offer, seemingly from a well-known company in a relevant sector. Files were sent directly via LinkedIn messaging or via email containing a OneDrive link.

ESET researchers later discovered that such LinkedIn profiles were fake, and the files sent were malicious.
