Infosec pros are being warned to make sure Windows systems are tightly locked down after evidence emerged that generic brute force attacks on computers and servers that allow access through Microsoft’s Remote Desktop Protocol (RDP) have recently skyrocketed.
In a report released Thursday, security vendor Kaspersky Labs said that since the beginning of March — roughly when organizations began insisting people work from home due to the COVID-19 pandemic — hackers’ attempts to force their way into Windows systems through brute force credential attacks have jumped significantly.
“As far as we can tell, following the mass transition to home working, they [attackers] logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks,” the report says.
Brute force attacks can be based on combinations of random characters or a dictionary of popular or compromised passwords, it adds.
The numbers released cover seven countries: the U.S., Italy, Germany, Spain, France, Russia and China.
In the U.S. there was a leap around March 10, followed by a huge spike on April 6. By comparison, the jump that started around March 10 in China has grown steadily.
Kaspersky says administrators who allow RDP to be used should:
- at the very least verify that employees use strong passwords;
- make RDP available only through a corporate VPN;
- use Network Level Authentication (NLA);
- if possible make employees use two-factor authentication;
- if you don’t use RDP, disable it and close port 3389.
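
A read-only check of three items on this list (whether RDP is enabled, whether NLA is required, and which sources Windows Firewall lets reach the RDP port), as an added PowerShell example that is not part of Kaspersky's report. It assumes the standard Terminal Server registry values and the built-in NetSecurity cmdlets, and it only inspects the local host, not perimeter firewalls or the VPN.

```powershell
# Added example: read-only audit of the RDP settings named in the list above.
# Run in an elevated PowerShell session on the Windows host being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections: 0 = RDP accepts connections, 1 = RDP disabled
$rdpEnabled  = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication: 1 = Network Level Authentication (NLA) required
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
# PortNumber: TCP port the RDP listener uses (3389 by default)
$port        = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules in the local persistent store that name the RDP
# port explicitly. Rules pushed by Group Policy and port ranges are not covered.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

# A rule whose remote address is 'Any' admits every source address, which is
# the exposure the "only through a corporate VPN" recommendation removes.
$anySource = @($rules | Where-Object {
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
})

# Summary object for logging or export
[pscustomobject]@{
    RdpEnabled           = $rdpEnabled
    NlaRequired          = $nlaRequired
    ListenerPort         = $port
    InboundAllowRules    = @($rules).Count
    RulesOpenToAnySource = $anySource.DisplayName -join '; '
}

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is enabled without NLA.'
}
if ($rdpEnabled -and $anySource.Count) {
    Write-Warning "Windows Firewall allows port $port from any source address."
}
if (-not $rdpEnabled -and @($rules).Count) {
    Write-Warning "RDP is disabled but port $port is still allowed inbound."
}
```
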
Admins who use a different remote-access protocol still cannot relax, says Kaspersky: at the end of last year, its researchers found 37 vulnerabilities in various clients that connected via the VNC protocol, which, like RDP, is used for remote access.
The report also urges infosec leaders to remind employees of the basics of digital security, including their responsibility to update the software on personal devices that connect to the corporate network. If possible, make them install security solutions on those personal devices.