Over 50B Brute Force Attacks During the Summer of 2021

Posted on October 18, 2021

Early in the COVID pandemic, we wrote about how attacks on RDP surged as huge numbers of employees shifted to working from home.

Back then, we thought it was bad news when attacks on RDP ports in the US topped one million a day. Now, almost a year and a half later, those million attacks are looking like child’s play.

Explosion in RDP attacks

A recently issued cybersecurity report revealed that 55 billion new brute force attacks on RDP ports had been detected between May and August of 2021. That’s over 450 million attacks each and every day – double the pace from the first four months of the year.

What’s happening in Spain?

During those four months, over 17% of the attacks were on targets in Spain. The report describes Spain’s woes as a “runaway trend,” with attacks against targets in the country accounting for a third of all those detected in August.

Europe is being hit hard in general – targets in Germany, Italy, and Poland each accounted for around 6% of attacks. Those three countries, together with Spain, accounted for over one third of all attacks.

The USA was in third place, behind Spain and Germany, with 6.5% of the attacks. That came to 27 million a day – a 27-fold increase over what we found alarming early in the pandemic.

Why the surge?

The reasons for the increase in RDP-related attacks that we mentioned back at the start of the pandemic – more people working from home, and lazy users with easy-to-guess usernames and simple, easy-to-break passwords – remain relevant today. Additionally, it seems hackers are having a hard time finding new targets, so they are hitting familiar targets with greater gusto. The number of daily attacks per unique client doubled between the first trimester of 2021 and the second, from 1,392 attempts per machine per day to 2,756.

What can you do to protect your network?

The best way to avoid attacks on RDP ports is to avoid using RDP. Ericom Connect enables users to access in-office computers remotely via VPN or with our built-in secure gateway, without relying on RDP. An even better strategy is to migrate to full ZTEdge Zero Trust Network Access (ZTNA), which protects against lateral movement in the event that a hacker gets in.

Both Ericom Connect and ZTEdge ZTNA are relatively quick and easy to implement. But to help you secure your RDP-based setup in the meantime, here are a few precautions you can take right now:

  • Mandate the use of long, complex, and unique passwords that are very difficult – and possibly impossible – to break in a brute force attack.
  • Enable multi-factor authentication. Even if hackers do manage to crack a password, they still wouldn’t be able to get in.
  • Only allow RDP access via an encrypted connection such as a VPN (although VPNs are prone to their own vulnerabilities).
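The precautions above lower the odds that a guessed password works; the following is an added example, not code from the original post or from Ericom, showing how a defender can surface the attempts themselves from Windows Security logon-failure events (EventID 4625). The event records, the five-failures-in-60-seconds threshold and the reduced field layout are constructed assumptions for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security log entries, reduced to the fields a
# detector needs: (timestamp, EventID, LogonType, source IP, account name).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 is
# RemoteInteractive (RDP); with Network Level Authentication enabled an RDP
# failure can also appear as LogonType 3, so both are counted. LogonType 2 is
# a console logon and is ignored.
SAMPLE_EVENTS = [
    ("2021-08-01T09:00:00", 4625, 10, "203.0.113.7", "administrator"),
    ("2021-08-01T09:00:08", 4625, 10, "203.0.113.7", "admin"),
    ("2021-08-01T09:00:15", 4625, 3, "203.0.113.7", "root"),
    ("2021-08-01T09:00:21", 4625, 10, "203.0.113.7", "user"),
    ("2021-08-01T09:00:30", 4625, 10, "203.0.113.7", "test"),
    ("2021-08-01T09:00:44", 4625, 10, "203.0.113.7", "guest"),
    ("2021-08-01T09:05:00", 4625, 10, "198.51.100.5", "jsmith"),  # one typo
    ("2021-08-01T09:05:40", 4624, 10, "198.51.100.5", "jsmith"),  # then success
    ("2021-08-01T11:20:00", 4625, 2, "-", "jsmith"),              # console, ignored
]

# Assumed thresholds: five failures from one source inside a 60-second window.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5

def detect_rdp_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window count of failed RDP logons per source IP.
    Returns {source_ip: {"failures", "users", "first", "last"}} for every
    source that reaches `threshold` failures within any `window`."""
    recent = defaultdict(deque)   # source IP -> deque of (time, account)
    alerts = {}
    for ts, event_id, logon_type, src, user in sorted(events):
        if event_id != 4625 or logon_type not in (3, 10):
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, user))
        while q and now - q[0][0] > window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(src, {"first": q[0][0].isoformat()})
            alert["failures"] = max(alert.get("failures", 0), len(q))
            alert["users"] = sorted({u for _, u in q})
            alert["last"] = now.isoformat()
    return alerts

if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {src}: {info}")
```

In a real deployment the same logic would be fed from the Security event log or a SIEM, and a source that trips the threshold is a candidate for blocking at the firewall or gateway rather than only for review.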

Retiring RDP solutions, or at a minimum, protecting against brute force attacks on RDP ports, is just one small effort toward staying cyber safe. With the continuing increase in cyberattacks of all kinds, the ideal solution is to start moving to a Zero Trust approach to network security as soon as your organization possibly can.

About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.