The number of Remote Desktop Protocol (RDP) attacks soared by 140% in Q3 compared with the previous quarter, as cybercriminals looked to take advantage of companies relying on remote access while working from home.
RDP makes it possible for one computer to connect to another over a network and control it as though the user were sitting at its keyboard. While the Microsoft tool is useful for businesses and popular among IT administrators, it has increasingly been targeted by hackers who try to gain administrator access to company servers. Once inside, they are able to disable security software, steal files, delete data and install malicious software.
Slovak internet security firm ESET detected the surge between July and September, with the number of separate companies reporting brute-force attacks against their RDP connection increasing by 37% quarter-over-quarter.
RDP attacks also grew steadily throughout the first half of 2020, ESET said.
“Ransomware gangs showed other underground players that compromising RDP and stealing victims’ sensitive data can be a very profitable attack technique,” said Jiří Kropáč, head of Threat Detection Labs, ESET.
“This, combined with the growing number of poorly secured systems being connected to the internet during the pandemic, has fuelled the extreme increase in brute-force attack attempts against RDP as seen in ESET telemetry data.”
However, the surge in RDP attacks proved to be short-lived, with the volume falling by almost 40% at the end of September.
This declining trend was observed in multiple regions, leading ESET researchers to theorise that the criminal infrastructure was disrupted, members arrested or a “cheaper or more easily exploitable attack vector became available”.
ESET’s Q3 2020 Threat Report also revealed how cybercriminals have started to ditch coronavirus-themed scams and go “back to basics”.
This is likely because Covid-related lures – such as fake testing emails – have been “played out”.
Cryptominers – malware installed to hijack a computer’s processing power to mine for cryptocurrencies – also saw an uptick in Q3 after declining during the previous seven quarters.
Banking trojan Emotet also saw a resurgence in Q3, with criminals using a new template for malicious Word attachments named ‘Red Dawn’.