Vulnerabilities away from the office
Remote desktop protocol attacks in Asean rose 150% in first full year of the pandemic, Kaspersky survey shows
published : 8 Jul 2022 at 04:00
newspaper section: Business
Employees hastily placed in remote work setups kept most of Southeast Asia's businesses afloat when the coronavirus pandemic hit in 2020.
Unfortunately, remote work also caused headaches for companies that faced cyber-attacks, which are not going to go away anytime soon, according to the cyber security company Kaspersky.
Data from the company showed that remote desktop protocol (RDP) attack attempts among Kaspersky users in Southeast Asia increased by 149% from 2019 to 2021. From 65.6 million such incidents in 2019, the figure ballooned to 214 million in 2020 after large numbers of the region's workers were forced to leave their offices to work from their homes.
In 2021, when many employees were given the flexibility to work on-site or remotely, RPD attack attempts in Southeast Asia declined 20% compared to 2020, but the numbers are still higher than in 2019.
RDP is a proprietary Microsoft protocol that enables a user to connect to another computer through a network of computers running Windows. It is widely used by both system administrators and less-technical users to control servers and other PCs remotely, but this tool is also what intruders exploit to penetrate the target computer that usually houses important corporate resources.
Microsoft 365 remains the preferred productivity software in the business world, followed by Google Workspace.
When devices are outside a company's local network, away from the protection of the IT department, confidential information will always have huge potential to be stolen or lost due to carelessness.
When the first wave of Covid lockdowns took hold, many computers that had been hurriedly made available to remote workers were incorrectly configured. This scenario provided an opportunity for cybercriminals to launch attacks, particularly using brute-force attempts (systematically trying to find the correct username-password pair) to successfully get remote access to target computers in the network.
"The rise in RDP attacks during this period is not unique to Southeast Asia," said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. "Globally, this type of threat rose 120% from 2019 to 2021. Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
Kaspersky experts predict attacks on remote-access infrastructure (as well as collaboration tools) are unlikely to stop anytime soon. For anyone currently using RDP for work, they advise a range of possible protection measures, such as:
- Use different strong passwords to access different corporate resources;
- Update all software and apps on employee devices to the latest version;
- Enable access to your network or make RDP available only through a corporate virtual private network (VPN);
- Use network level authentication (NLA);
- If possible, enable multi-factor authentication;
- If you don't use RDP, disable it and close TCP port 3389, which is used to enable users to access remote computers;
- Give employees basic security awareness training that can be done online;
- Ensure your employees are equipped to securely work from home and know who to contact when faced with an IT issue;
- Use a reliable corporate security solution that will be installed on all employee devices, as well as solutions for tracking equipment in case of loss. Choose one with network threat protection that includes log inspection functionality to configure monitoring and alert rules for brute force and failed login attempts;
- Where possible, use encryption on devices used for work purposes;
- Make backup copies of critical data.