Millions of Brute-Force Attacks Hit Remote Desktop Accounts

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,128
A rash of brute-forcing attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted.

RDP is used to connect to an image of an employee’s desktop as though the person were at their desk. It’s often used by both telecommuters as well as by tech support personnel troubleshooting an issue. A successful attack would give cybercriminals remote access to the target computer with the same permissions and access to data and folders that a legitimate user would have.

According to Dmitry Galov, security researcher with Kaspersky, organizations worldwide have seen rocketing numbers of generic brute-forcing attacks, where automated scripts try different combinations of passwords and user IDs on accounts in hopes of finding a combination that works to unlock them. Brute forcing – and its cousin, credential stuffing – have been on the rise for several quarters already thanks to large numbers of credentials from data leaks and breaches making their way to criminal underground forums.

Recently though, there’s been a massive spike, and specifically on RDP accounts. The growth in the number of brute-force RDP attacks went from hovering around 100,000 to 150,000 per day in January and February to soaring to nearly a million per day at the beginning of March, as coronavirus-related remote working got underway. The volume of attacks has ebbed and flowed since then but has remained elevated into April.

“One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP,” Galov said in a post issued Wednesday. “The lockdown has seen the appearance of a great many computers and servers able to be connected remotely, and right now we are witnessing an increase in cybercriminal activity with a view to exploiting the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers.”
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top