Home Office: More attacks on remote desktop protocols
The switch to home office is a big challenge for many employees as well as for companies, as this situation is also exploited by cybercriminals. Kaspersky has some tips.
Kaspersky notes a 252 percent increase in brute force attacks on remote desktop protocols (RDP), particularly in Germany, compared to the previous year. In the corporate blog Kaspersky speaks of 1.7 million unique malicious files that were disguised as apps for corporate communications.
A gateway for brute force attacks - and at the same time one of the most popular protocols on the application level - is the Remote Desktop Protocol (RDP) in Windows. During the first lockdown, attacks on computers made available to remote employees, some of which were incorrectly configured, increased worldwide, according to Kaspersky.
Another group, disguised as enterprise applications, were downloaders: applications that are not necessarily malicious themselves, but can download other programs, from Trojans to remote access tools. These often reloaded adware to flood victims' devices with unwanted ads or spy on their personal data.
Kaspersky lists seven tips for companies to protect their digital infrastructure:
- Employees should be allowed access to the corporate network via a corporate VPN. In addition, multi-factor authentication provides protection against RDP attacks.
- Ensure employees have everything they need to work securely in the home office and know who to contact for IT or security issues.
- Set up basic cybersecurity training to train the workforce's awareness of it. This can also be done online. The focus should be on managing accounts and passwords, endpoint security, and securing web browsing.
- Regularly update devices, software, applications and services.
- Constant access to up-to-date threat information must be ensured to support the protection solution in use.
- In addition to physical endpoints, it is important to secure cloud workloads and virtual desktop infrastructures.
- Deploy an enterprise security solution for log inspections to configure alerting rules for brute force attacks.
Source: Kaspersky