Mumbai: Attacks on remote desktop protocols (RDP) grew a massive 242% reaching 3.3 billion in 2020 compared to 2019, according to Kaspersky researchers. Also, a 1.7 million unique malicious files disguised as apps for corporate communication appeared.
These findings show how attackers are putting their efforts into targeting users that work from home. Kaspersky researchers discovered these and other findings in the company’s ‘Story of the year: remote work’ report.
Moving employees to work from home in such a short time span opened up new vulnerabilities that cybercriminals were quick to target. The volume of corporate traffic grew, and users swiftly moved to using third-party services to exchange data, and work via potentially insecure Wi-Fi networks.
Another headache for information security teams was, and still is, the increased number of people using remote-access tools. One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — remote desktop protocols (RDPs).
Computers that have been made available to remote workers and incorrectly configured grew in number during the first wave of lockdowns across the globe, and so did the number of cyberattacks on them.
These attacks were usually attempting to brute-force (systematically trying to find the correct option) a username and password for RPD. A successful attempt resulted in cybercriminals gaining remote access to the target computer in the network.
Since the beginning of March, the number of Bruteforce.Generic.RDP detections has skyrocketed, resulting in the total number detected in the first 11 months of 2020 growing by 3.4 times compared to same type of attacks in 2019.
Overall, 3.3 billion attacks on remote desktop protocols (RDP) were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 969 million of these attacks worldwide.
The number of detections in India alone went as high as 36 million (36356139) in 2020 between January- November, while the number of attacks during the same period in 2019 was around 18 million. 18113663.
RDP attacks dynamics, January – November 2019 vs 2020
Aside from attacks on remote desktop protocols, cybercriminals were quick to figure out that many workers replaced offline communication with online tools and so decided to abuse this demand too. Kaspersky detected 1.66 million unique malicious files that were spread under the guise of popular messenger and online conference applications, typically used for work.
Once installed, these files would primarily load Adware – programs that flooded victims’ devices with unwanted advertising and gathered their personal data for third-party use. Another group of files disguised as corporate apps were Downloaders – applications that may not be malicious, but are able to download other apps, from Trojans to remote access tools.
“As the focus switched to remote work, so did the cybercriminals, who directed their efforts to capitalize on a rise in adoption. I am happy to state that the adoption process was fast and this meant the world could go on.”
“Economies did not freeze and we still get to have our coffee, albeit, via delivery services. Yet now we know that there is still a lot to learn about the responsible use of technology, with data sharing at the heart of it,” commented Dmitry Galov, Security researcher – Kaspersky.
According to Galov, one of the biggest challenges of 2020 turned out to be awareness of potential online dangers and the key here is not that the sudden demand for online services – be they work-related or for food delivery – grew.
“Many new users were people who in principle avoided being so digitally exposed in first place. They did not necessarily disregard the need for cybersecurity – they had simply chosen not to use digital services before and were less educated about what can happen online,” explained Galov.
“This group of people turned out to be one of the most vulnerable during the pandemic – their level of awareness of online dangers was very low. It seems like we have been given a big challenge worldwide and I hope that helped increase the level of cybersecurity awareness among ordinary users”, he pointed.
“2020 can be seen as one of the most challenging year that hit us all with a major health and economic crisis,” said Dipesh Kaura, GM – Kaspersky ( South Asia).
However, Kaura pointed out that this year also helped in fast-forwarding healthcare and technological progress by putting through various obstructions and limitations and pushing towards overcoming these challenges with the help of science and technology.
According to Kaura, the sudden digital boost in India has not only helped its citizens to grow online but has also made them more aware and careful of the potential online / cyber threats.
From government bodies to enterprises, small and medium businesses, banking institutions, online shopping websites, remotely working employees, students, healthcare professionals, and other online users, all have in the last 11 months become more aware of cybersecurity than ever before.
“The year has definitely seen a drastic increase in the number of cyberattacks all around the world, but it has also been very crucial in increasing the cybersecurity awareness and cyber maturity amongst people,” said Kaura.
“Organisations and consumers are now ready to talk openly about how they were attacked by cybercriminals, and these discussions are very necessary and helpful for us to understand the potential threats standing in our way and how improving our cyber immunity can help us fight against them”, added Kaura.