Posted on October 18, 2021
Early in the COVID pandemic, we wrote about how attacks on RDP surged as huge numbers of employees shifted to working from home.
Back then, we thought it was bad news when attacks on RDP ports in the US topped one million a day. Now, almost a year and a half later, those million attacks are looking like child’s play.
A recently issued cybersecurity report revealed that 55 billion new brute force attacks on RDP ports had been detected between May and August of 2021. That’s over 450 million attacks each and every day – double the pace from the first four months of the year.
During those four months, over 17% of the attacks were on targets in Spain. The report describes Spain’s woes as a “runaway trend,” with attacks against targets in the country accounting for a third of all those detected in August.
Europe is being hit hard in general – targets in Germany, Italy, and Poland each accounted for around 6% of attacks. Those three countries, together with Spain, accounted for over one third of all attacks.
The USA was in third place, behind Spain and Germany, with 6.5% of the attacks. That came to 27 million a day – a 27-fold increase over what we found alarming early in the pandemic.
The reasons for the increase in RDP-related attacks that we mentioned back at the start of the pandemic – more people working from home, and careless users with easy-to-guess usernames and simple, easy-to-break passwords – remain relevant today. Additionally, it seems hackers are having a hard time finding new targets, so they are hitting familiar targets with greater gusto. The number of daily attacks per unique client doubled between the first four-month period of 2021 and the second, from 1,392 attempts per machine per day to 2,756.
The best way to avoid attacks on RDP ports is to avoid using RDP. Ericom Connect enables users to access in-office computers remotely via VPN or with our built-in secure gateway, without relying on RDP. An even better strategy is to migrate to full ZTEdge Zero Trust Network Access (ZTNA), which protects against lateral movement in the event that a hacker gets in.
Both Ericom Connect and ZTEdge ZTNA are relatively quick and easy to implement. But to help you secure your RDP-based setup, these are a few precautions you can take right now:
Retiring RDP solutions, or at a minimum, protecting against brute force attacks on RDP ports, is just one small effort toward staying cyber safe. With the continuing increase in cyberattacks of all kinds, the ideal solution is to start moving to a Zero Trust approach to network security as soon as your organization possibly can.
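One way to spot the brute-force pattern described above on a Windows host that still exposes RDP, as an added example that is not part of the original post or any Ericom product: count failed logons (Security Event ID 4625 with LogonType 10, the RDP logon type) per source IP inside a sliding time window and flag sources that cross a threshold. The log lines, the 5-failures-per-minute threshold and the simplified single-line record format are constructed assumptions for the example.

```python
# Added example (not from the original post): flag RDP brute-force activity from
# Windows Security failed-logon events (Event ID 4625, LogonType=10 means RDP).
# The records below are constructed sample data in a simplified one-line format,
# not real telemetry; real 4625 events carry the same fields as separate properties.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2021-08-01T09:00:01 4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2021-08-01T09:00:03 4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2021-08-01T09:00:04 4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2021-08-01T09:00:06 4625 LogonType=10 TargetUser=user SourceIP=203.0.113.7
2021-08-01T09:00:09 4625 LogonType=10 TargetUser=test SourceIP=203.0.113.7
2021-08-01T09:00:12 4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2021-08-01T09:05:00 4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
2021-08-01T09:30:00 4625 LogonType=2 TargetUser=jsmith SourceIP=127.0.0.1
2021-08-01T10:00:00 4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.20
"""


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: {"attempts": n, "users": [...]}} for every source IP
    that produced at least `threshold` RDP logon failures within any `window`.
    `users` lists the account names tried, which exposes password spraying."""
    recent = defaultdict(deque)   # source IP -> timestamps of failures still in window
    users = defaultdict(set)      # source IP -> distinct account names attempted
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, event_id, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        # Only failed logons (4625) over RDP (LogonType 10) count as brute-force signal;
        # successes (4624) and interactive/local logons are ignored here.
        if event_id != "4625" or kv.get("LogonType") != "10":
            continue
        ts = datetime.fromisoformat(ts_str)
        ip = kv["SourceIP"]
        q = recent[ip]
        q.append(ts)
        users[ip].add(kv["TargetUser"])
        while ts - q[0] > window:   # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= threshold:
            prev = alerts.get(ip, {}).get("attempts", 0)
            alerts[ip] = {"attempts": max(len(q), prev), "users": sorted(users[ip])}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT {ip}: {info['attempts']} RDP failures, users tried {info['users']}")
```

On the sample data only 203.0.113.7 is flagged; the single failure from 198.51.100.20 and the non-RDP local failure stay below the threshold.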