Skip to main content

Millions of remote desktop accounts attacked every week

(Image credit: Image source: Shutterstock/scyther5)

Since the start of the outbreak, we've seen cybercriminals target Zoom and spread coronavirus-related phishing campaigns, in a bid to take advantage of the increase in remote working.

Now, the latest research suggests criminals are also targeting employees reliant on Microsoft's proprietary Remote Desktop Protocol (RDP) with far greater regularity.

According to a new report from Kaspersky, hundreds of thousands of employees use RDP as a way to remotely connect to their office computer with the same privileges they would have on site.

However, RDP is also an enticing target for criminals, who are reportedly bombarding the service with brute-force attacks in a bid to gain entry.

Prior to the coronavirus pandemic, Kaspersky recorded around 100,000–150,000 attacks of this kind per day, but that number has shot up to almost a million.

“One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP,” said Dmitry Galov, Security Researcher at Kaspersky.

“The lockdown has seen the appearance of a great many computers and servers able to be connected remotely, and right now we are witnessing an increase in cybercriminal activity with a view to exploiting the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers.”

Kaspersky also said that a popular malware – TrickBot – was recently upgraded with a module for brute-forcing RDP accounts, signalling the rising popularity of the attack vector.

The best way to protect against these types of attacks is to activate two-factor authentication, which adds a layer of protection beyond simple passwords.