October 28, 2020

RDP attacks soar under work from home measures

By Robert Scammell

The number of Remote Desktop Protocol (RDP) attacks soared by 140% in Q3 compared with the previous quarter, as cybercriminals looked to take advantage of companies relying on remote access while working from home.

RDP makes it possible for one computer to connect to another over a network and control it as though the user were sitting at its keyboard. While the Microsoft tool is useful for businesses and popular among IT administrators, it has increasingly been targeted by hackers who try to gain administrator access to company servers. Once inside, they are able to disable security software, steal files, delete data and install malicious software.

Slovak internet security firm ESET detected the surge between July and September, with the number of separate companies reporting brute-force attacks against their RDP connection increasing by 37% quarter-over-quarter.

RDP attacks also grew steadily throughout the first half of 2020, ESET said.

“Ransomware gangs showed other underground players that compromising RDP and stealing victims’ sensitive data can be a very profitable attack technique,” said Jirí Kropác, head of Threat Detection Labs, ESET.

“This, combined with the growing number of poorly secured systems being connected to the internet during the pandemic, has fuelled the extreme increase in brute-force attack attempts against RDP as seen in ESET telemetry data.”

However, the surge in RDP attacks proved to be short-lived, with the volume falling by almost 40% at the end of September.

This declining trend was observed in multiple regions, leading ESET researchers to theorise that the criminal infrastructure was disrupted, members arrested or a “cheaper or more easily exploitable attack vector became available”.

ESET’s Q3 2020 Threat Report also revealed how cybercriminals have started to ditch coronavirus-themed scams and go “back to basics”.

This is likely because Covid-related lures – such as fake testing emails – have been “played out”.

Cryptominers – malware installed to hijack a computer’s processing power to mine for cryptocurrencies – also saw an uptick in Q3 after declining during the previous seven quarters.

Banking trojan Emotet also saw a resurgence in Q3, with criminals using a new template for malicious Word attachments named ‘Red Dawn’.
