Just 2020 things: Miscreants hit remote desktops 700% harder as world’s IT teams try to support locked-down staff

Online criminals have increasingly targeted Remote Desktop Protocol connections over the past year, according to infosec biz ESET.

During calendar 2020, ESET recorded what it said was a 768 per cent increase in attack attempts on RDP, a key Windows feature for remote working, during the course of the year.

Roman Kováč, ESET’s chief research officer, said in a statement: “RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors.”

Lest anyone be alarmed by this, he added: “As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4.”

Figures published by ESET showed that in January 2020 the number of brute-force RDP connection attempts tracked by the company were running at less than 10 million. By December that number had peaked at more than 225 million in total – and in Q4 around 150,000 of those were targeted against unique devices.

ransomware

Scottish enviro bods shrug off ransomware gang’s extortion attempt as 4,000 files dumped online, saying it’s nothing big

READ MORE

There is an obvious reason why connection attempts targeted at RDP took place: COVID-19. As well as the uptick in malicious RDP connection attempts, ESET also noted (not uniquely) an increase in coronavirus-themed phishing lures over the course of the year, which it said was “especially related to the end-of-year vaccine rollouts.”

Those attacks have taken a back seat to more eye-catching forms (yes, we mean ransomware) over the past 12 months, though research by infosec outfit Check Point in 2019 showed that common RDP tools for Windows and Linux alike were festooned with vulns. Perhaps somebody other than the vendor paid attention to those findings.

The full 2020 threat report, available from ESET’s website, also detailed how North Korea’s APT38 (known by ESET as Lazarus) hijacked legitimate banking security software called WIZVERA VeraPort as part of a supply-chain attack, and other elements of its research.

A couple of years ago a Slovakian Communist politician claimed Slovakia-based ESET was staffed with “outrageous fascists” who bribed local politicians and media outlets for positive coverage and favourable policies. Unsurprisingly, he was forced to delete those baseless claims after the company sued him over them. ®

READ MORE HERE