Tech & Science COVID-19 pandemic increases brute force attacks on remote desktop services

14:30  30 june  2020
14:30  30 june  2020 Source:   zdnet.de

Microsoft gives tips against ransomware

 Microsoft gives tips against ransomware © DEFAULT_CREDIT ransomeware-shutterstock-carlos-amarillo-800 Blackmailers are striking more than ever in the current crisis. Microsoft's security experts want some advice to help reduce the risk of ransomware. ransomware blackmailers gain access to third-party computers, encrypt data and only release it for ransom payments. This can even be life-threatening if critical systems fail in hospitals. This does not in any way prevent hackers from attacking hospitals.

The number of daily brute - force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows. With the increase of remote workers during the COVID - 19 period, many users no longer relied on the infrastructure monitored by the

RDP brute - force attacks are always going on, representing a good chunk of all the bad traffic recorded every day on the internet. Earlier this month, internet indexing service Shodan reported a 41% increase in the number of RDP endpoints available on the internet, as the COVID - 19 pandemic was

RDP-Angriffe (Bild:Eset) © DEFAULT_CREDIT RDP attacks (Image: Eset) The number of daily attacks doubles between early December and early February. In May Eset even registered more than 100,000 brute force attacks on RDP connections per day. Hackers use the connections to inject malware, among other things.

The COVID-19 pandemic appears to have led to a significant increase in brute force attacks on the Windows Remote Desktop Protocol (RDP). According to an study by Eset , hackers are taking advantage of the fact that more people work in the Home Office and use their own devices to access the company network via services such as RDP.

Covid-19 may actually help improve remote working conditions

  Covid-19 may actually help improve remote working conditions Pipefy study shows how businesses can increase satisfaction and productivity among new remote workers.Chief among them is the fact that, despite enjoying additional family time and greater flexibility, more than 40 percent of respondents reported suffering from reduced overall mental health and wellbeing. While this no doubt reflects wider quarantine conditions related to Covid-19 beyond the home office, it’s telling that new remote workers were significantly more likely to experience problems compared to their more seasoned counterparts.

Brute - force attacks explained, and why they are on the rise. The rush to enable employees to work from home in response to the COVID - 19 pandemic resulted in more than "McAfee ATR has noticed an increase in both the number of attacks against RDP ports and in the volume of RDP credentials

It’s widely known that leaving Windows® Remote Desktop Protocol (RDP) ports open to the internet is a major risk to cybersecurity in the enterprise. Although we would never condone this practice, we’ve come up with three tips to help prevent brute - force attacks on open RDP ports and Windows virtual

Eset's telemetry data shows a surge from early December 2019 - from less than 40,000 brute force attacks a day to up to 70,000. By the beginning of January, the level had dropped back to less than 60,000 attacks a day, and then by the beginning of February it had risen again to over 80,000 attacks. Since then, the number of daily attacks has increased almost continuously to more than 100,000 at the beginning of May.

RDP-Angriffe (Bild:Eset) © Provided by ZDNet RDP attacks (Image: Eset) According to Eset, the numbers suggest that many users rely on convenience when setting up RDP connections and set up easy-to-remember passwords, which are usually easy to guess. In addition, security measures such as a two-step registration are often dispensed with.

Based on the IP addresses, most attacks originated in the USA, China, Russia, Germany and France. Most victims, however, come from Russia, Germany, Brazil and Hungary.

Superheroes: Then and now

  Superheroes: Then and now Superheroes: Then and now

“ Brute - force attackers are not surgical in their approach, but operate by area,” Galov wrote. “As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase , hence the rise in the number of attacks .”

Brute force attacks on the secure shell (SSH) service have been used to compromise accounts and passwords. With this approach, an automated program often tests combinations, one at a time, of possible usernames and passphrases. 3 CIOs talk driving IT strategy during COVID - 19 pandemic .

hackers who have successfully cracked an RDP connection usually use it, according to Eset, to inject ransomware and collect a ransom. Attacks with crypto nominees and espionage programs were also registered. In addition, hackers are said to have stopped or deleted backup services and stolen data.

Eset also advises to switch off RDP connections that can be reached via the public Internet, or to protect them via a virtual private network. In a firewall, all external connections to local computers should also be prevented via port 3389 or any other RDP ports.

WEBINAR Webinar: Network security and network monitoring in the new normal

The Gigamon Visibility Platform is the catalyst for the fast and optimized provision of data traffic for security tools, network performance and application performance monitoring. Find out in this webinar how Gigamon solutions can increase the efficiency of your security architecture and save costs.

Register now and watch the webinar recording.

Coronavirus: the pandemic kills more than 300,000 people worldwide .
© Flavio Lo Scalzo, Reuters Journalist Daniela Taiocchi is leafing through an edition of the newspaper L'Eco di Bergamo in which ten pages of obituaries were published due to the high number deaths due to coronavirus disease (COVID-19), in Bergamo, Italy, on May 12, 2020. The coronavirus pandemic has caused more than 300,000 deaths worldwide, while nearly 4.5 million contamination has been confirmed. With more than 162,000 deaths, Europe is the most affected continent.

—   Share news in the SOC. Networks
usr: 0
This is interesting!