KASPERSKY has sounded the alarm over cyber hacks in Southeast Asia, after the global cybersecurity company foiled over 47 million Remote Desktop Protocol (RDP) attacks in the region during the first six months of 2022 (1H 2022).
The cyber attacks, which see hackers attempting to remotely control servers and PCs through systematic checks for possible passwords, are going after hybrid and remote workers, the newfound norm of working in the region.
In a statement, Kaspersky said the number of Bruteforce.Generic.RDP attacks targeting remote workers in Southeast Asia logged a total of 47,802,037 incidents from January to June this year (or an average of 265,567 attacks daily).
The statistics were based on detection verdicts of Kaspersky products that the company received from users who consented to provide such data.
RDP is Microsoft’s proprietary protocol, providing a user with a graphical interface to connect to another computers through a network. It is widely used by both system administrators and less-technical users to control servers and other PCs remotely.
A Bruteforce.Generic.RDP attack attempts to find a valid RDP login or password pair by systematically checking all possible passwords until the correct one is found. A successful attack allows an attacker to gain remote access to the targeted host computer.
Kaspersky Southeast Asia general manager Yeo Siang Tiong added that during 1H 2022, Kaspersky secured most users from Vietnam, Indonesia and Thailand from this type of brute-force threat.
“Naturally, working from home or anywhere out of the office requires employees to log in to corporate resources remotely from their personal devices,” he said. “One of the most common tools used for this purpose is RDP.”
He noted that since Microsoft 365 is still the preferred software used by enterprises and remote working is the new norm for workers in Southeast Asia, half of whom are under 30 and tech-savvy, Kaspersky believes this type of attack continues to be used.
“Expected to continue their chase”
The company also expects that malicious actors will continue their chase to compromise companies and organisations in the region through brute-force attacks.
“While RDP attacks are not conceptually new, Kaspersky notes that cyber criminals exploit recent trends and the remote and hybrid environment to target enterprises.
“Brute-force attacks on RDP are not new, but never before have so many employees used these protocols. That is likely the reason why they continue to be the primary focus for attackers in Southeast Asia,” Yeo said.
While corporate and perimeter security remains important, Kaspersky said the recent mass transition to remote or hybrid work has shown all too clearly that even the best corporate security cannot compensate for a lack of user awareness.
Especially with 60% of companies allowing employees to use their own devices for work, they said businesses must train their staff in cybersecurity best practices so that they are aware of the risks and understand how to work securely with corporate resources.
This “cyber hygiene” training must also be accompanied by changes in IT administration as it is the IT department that needs to provide additional support to employees and make sure updates are applied on time and issues with connecting remotely are fixed promptly.
“For many businesses, remote work is not a temporary solution. Many have already announced that, even after the COVID-19 pandemic subsides, work-from-home options and a hybrid model will become a permanent fixture of the employee experience.
Moving forward, businesses have to rethink the way their corporate networks are organised, said Yeo, as cyber criminals will always be ready to take advantage of disruptive current events.
For instance, since all machines are not located in the office and hence, not connected to the corporate network, adjustments need to be made to ensure endpoints stay secure and corporate resources are protected. – Oct 5, 2022
Main photo credit: AP
