Based on Kaspersky’s telemetry, brute-force attacks versus Remote Desktop Protocol (RDP) among its users in the Philippines showed an increase of 98.41% in the first half of 2021 compared to the same period in 2020.
From January to June 2021, a total of 4,877,645 attempted attacks against users of Kaspersky solutions in the country with Microsoft’s RDP installed in their desktops were recorded. This is in contrast to 2,458,364 attacks from January to June last year.
A brute-force attack is a way to guess a password or encryption key by systematically trying all possible combinations of characters until the correct one is found. The RDP is Microsoft’s proprietary protocol (set of rules or procedures for transmitting data between computers through a network) used to control servers and remotely connect to other computers running Windows.
A brute-force RDP attack targets a device running Windows (definitely using RDP) and tries to find a valid RDP login or password pair. If successful, it allows an attacker to gain remote access to the targeted host computer.
In the Philippines, the majority of desktops are installed with Microsoft OS and these have been the devices heavily relied upon by employees working remotely while Metro Manila and other key provincial cities were put into on and off lockdowns since the pandemic began.
As early as March 2020, Kaspersky researchers have observed a skyrocketing increase in cybercriminal activity, particularly attacks against corporate resources when remote work was hastily pushed among employees worldwide.
“The hurried mass transition to home working has given cyber attackers this logical conclusion that poorly configured RDP servers would surge and then we saw the number of attacks shoot up tremendously,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“Now that remote work is projected to be the next step as the future of business evolves, it would be to every company’s advantage to pay attention to establishing and improving their cybersecurity policies. Attacks on remote-access infrastructure, including collaboration tools, are unlikely to stop any time soon so we call on businesses and employees to look into securing their work-from-home set-up better.”