Millions of Brute-Force Attacks Hit Remote Desktop Accounts

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,171
Content source
https://threatpost.com/millions-brute-force-attacks-rdp/155324/
A rash of brute-forcing attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted.

RDP is used to connect to an image of an employee’s desktop as though the person were at their desk. It’s often used by both telecommuters as well as by tech support personnel troubleshooting an issue. A successful attack would give cybercriminals remote access to the target computer with the same permissions and access to data and folders that a legitimate user would have.

According to Dmitry Galov, security researcher with Kaspersky, organizations worldwide have seen rocketing numbers of generic brute-forcing attacks, where automated scripts try different combinations of passwords and user IDs on accounts in hopes of finding a combination that works to unlock them. Brute forcing – and its cousin, credential stuffing – have been on the rise for several quarters already thanks to large numbers of credentials from data leaks and breaches making their way to criminal underground forums.

Recently though, there’s been a massive spike, and specifically on RDP accounts. The growth in the number of brute-force RDP attacks went from hovering around 100,000 to 150,000 per day in January and February to soaring to nearly a million per day at the beginning of March, as coronavirus-related remote working got underway. The volume of attacks has ebbed and flowed since then but has remained elevated into April.

“One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP,” Galov said in a post issued Wednesday. “The lockdown has seen the appearance of a great many computers and servers able to be connected remotely, and right now we are witnessing an increase in cybercriminal activity with a view to exploiting the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers.”
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: Protomartyr, Handsome Recluse, Antus67 and 6 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
MSSQL Databases Under Fire From FreeWorld Ransomware
Replies
0
Views
789
News Archive
[correlate]
[correlate]
MuzzMelbourne
    • Like
    • +Reputation
Some Android phones are vulnerable to fingerprint brute-force attacks
Replies
7
Views
1,433
News Archive
MuzzMelbourne
MuzzMelbourne
Gandalf_The_Grey
    • Applause
    • Wow
    • +Reputation
Security News Ukraine arrests hackers trying to sell 100 million stolen accounts
Replies
0
Views
963
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top