Global cybersecurity company Kaspersky reports blocking more than 23M bruteforce attacks targeting businesses in Southeast Asia (SEA) in the first six months of 2024.
A bruteforce attack is a method employed by cybercriminals to guess login info, encryption keys, or find a hidden web page by systematically attempting all possible character combinations until they find the correct one. Successful bruteforce attacks allow attackers to obtain personal data and valuable information, plant and spread malware, and even hijack the system for malicious activities.
A total of 23,491,775 Bruteforce.Generic.RDP attacks were detected and foiled by Kaspersky B2B products installed in companies of various sizes in the region from January to June.
Remote Desktop Protocol (RDP) is Microsoft’s proprietary protocol, providing a user with a graphical interface to connect to another computer through a network. RDP is widely used by both system administrators and less-technical users to control servers and other PCs remotely.
A Bruteforce.Generic.RDP attack attempts to find a valid RDP login / password pair by systematically checking all possible passwords until a correct one is found. When successful, it allows an attacker to gain remote access to the targeted host computer.
Vietnam, Indonesia, and Thailand registered the highest number of RDP attacks for the first half of the year, with over 8.4 million, 5.7 million and 4.2 million attacks respectively. Meanwhile, Singapore had more than 1.7 million incidents, the Philippines had over 2.2 million, and Malaysia had the lowest number, with just over 1 million bruteforce attacks.
“Although it is an old method, organizations must not underestimate a bruteforce attack. This threat is still relevant for the region because many organizations deploy weak passwords, making it easier for attackers to succeed. In addition to that, the absence of multi-factor authentication (MFA) on RDP connections as well as misconfigured RDP settings would also increase the possibility of successful execution of a bruteforce attack,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“Cybercriminals are leveraging artificial intelligence to enhance the capabilities of bruteforce attacks by automating the process of generating and testing passwords, making it faster and more efficient. Implications of corporate network breach are far heavier. Organizations can suffer data breaches, or if systems are compromised they face operation disruptions. These would greatly impact organizations financially as they face costs of business downtime, recovery efforts and even regulatory fines,” adds Yeo.
To protect your organisation, ensure adequate measures are taken:
- Use strong and unique passwords. Do not re-use them across multiple websites, social media accounts or financial accounts. Consider using a password manager, not only to help generate unique and strong passwords but also to manage them.
- Implement two-factor authentication (2FA) and consider using tools such as an authenticator app.
- Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary and always use strong passwords, two-factor authentication and firewall rules for them.
- Monitor access and activity by maintaining visibility over the network to spot any unusual activity, and restrict user access to an as-needed, as-required basis to minimise the risk of unauthorised access and data leaks.
- Set up a security operation centre (SOC) using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyberthreats.
- Use the latest Threat Intelligence information to gain in-depth visibility into cyberthreats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.
- If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions, consider subscribing to a managed service such as Kaspersky MDR. This would instantly boost your security capabilities by an order of magnitude, while allowing you to focus on building in-house expertise.
- For protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board. Kaspersky Small Office Security provides you with hands-off security thanks to ‘install and forget’ protection and saves budget, which is crucial, particularly in the early stages of business development.
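
The monitoring recommendation above can be made concrete for RDP. The following is an added example, not Kaspersky's code or detection logic: it counts failed logons per source IP in a sliding window over constructed Windows Security events (ID 4625 failed, 4624 successful) and raises a second alert when a success follows the burst. The field names, threshold and window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs), shaped like fields exported from the
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); with NLA, failures often appear as type 3.
def _ev(ts, event_id, ip, user, logon_type=10):
    return {"time": datetime.fromisoformat(ts), "id": event_id,
            "ip": ip, "user": user, "type": logon_type}


SAMPLE_EVENTS = (
    [_ev(f"2024-06-01T02:00:{s:02d}", 4625, "203.0.113.50", u, 3)
     for s, u in zip(range(0, 60, 10),
                     ["admin", "administrator", "backup", "admin", "svc_sql", "admin"])]
    + [_ev("2024-06-01T02:01:05", 4624, "203.0.113.50", "admin"),
       _ev("2024-06-01T09:00:00", 4625, "198.51.100.7", "jdoe"),   # ordinary typo
       _ev("2024-06-01T09:00:20", 4624, "198.51.100.7", "jdoe")]
)


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on source IPs with >= threshold failed logons inside the window,
    and again (higher severity) if a successful logon follows from that IP."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = {}                  # ip -> time the threshold was first crossed
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] not in (3, 10):      # ignore console, service, batch logons
            continue
        ip, now = ev["ip"], ev["time"]
        if ev["id"] == 4625:
            q = recent[ip]
            q.append(now)
            while now - q[0] > window:     # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = now
                alerts.append(("bruteforce", ip, len(q)))
        elif ev["id"] == 4624 and ip in flagged and now - flagged[ip] <= window:
            alerts.append(("success_after_bruteforce", ip, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The second alert type is the one to escalate first, since it indicates the guessing may have found a valid login / password pair.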