Kaspersky reported a massive tally of over 23 million bruteforce attacks targeting businesses in Southeast Asia (SEA) in the first six months of 2024.
A bruteforce attack is a method cybercriminals employ to guess login info and encryption keys or find a hidden web page by systematically attempting all possible character combinations until they find the correct one. Successful bruteforce attacks allow attackers to obtain personal data and valuable information, plant and spread malware, and even hijack the system for malicious activities.
From January to June 2024, Kaspersky B2B products installed in companies of various sizes in the region detected and foiled a total of 23,491,775 “Bruteforce.Generic.RDP” attacks.
Remote Desktop Protocol (RDP) is Microsoft’s proprietary protocol, providing users with a graphical interface to connect to another computer through a network. RDP is widely used by both system administrators and less-technical users to control servers and other PCs remotely.
A Bruteforce.Generic.RDP attack attempts to find a valid RDP login/password pair by systematically checking all possible passwords until a correct one is found. When successful, it allows an attacker to gain remote access to the targeted host computer.
Vietnam, Indonesia, and Thailand registered the highest number of RDP attacks for the first half of the year, with over 8.4 million, 5.7 million, and 4.2 million attacks respectively. Meanwhile, Singapore had more than 1.7 million incidents, the Philippines had over 2.2 million, and Malaysia had the lowest number, with just over 1 million bruteforce attacks.
“Cybercriminals are leveraging artificial intelligence to enhance the capabilities of bruteforce attacks by automating the process of generating and testing passwords, making it faster and more efficient. Implications of corporate network breach are far heavier. Organisations can suffer data breaches, or if systems are compromised they face operation disruptions. These would greatly impact organisations financially as they face costs of business downtime, recovery efforts and even regulatory fines,” shared Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
To protect your organization, ensure adequate measures are taken:
- Use strong and unique passwords. Do not reuse them across multiple websites, social media accounts, or financial accounts. Consider using a password manager, which not only generates unique and strong passwords but also manages them.
- Implement two-factor authentication (2FA) and consider using tools such as an authenticator app.
- Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary, and always use strong passwords, two-factor authentication, and firewall rules for them.
- Monitor access and activity by maintaining visibility over the network to spot any unusual activity, and restrict user access to an as-needed, as-required basis to minimize the risk of unauthorized access and data leaks.
- Set up a security operation center (SOC) using a SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analyzing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyberthreats.
- Use the latest Threat Intelligence information to gain in-depth visibility into cyberthreats targeting your organization and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.
- Consider subscribing to a managed service such as Kaspersky MDR if your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions. This would instantly boost your security capabilities by an order of magnitude while allowing you to focus on building in-house expertise.
- For very small businesses, use solutions designed to help you manage your cybersecurity even without an IT administrator on board. Kaspersky Small Office Security provides hands-off, ‘install and forget’ protection and saves budget, which is crucial, particularly in the early stages of business development.
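
As an illustration of the monitoring recommendation above, the following added example (not Kaspersky's detection logic) scans logon records for bursts of failed RDP logons from one source address and notes any successful logon that follows. The sample records, field layout, threshold and time window are constructed assumptions; 4625 and 4624 are the standard Windows Security log event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry):
# (time, Windows Security event ID, logon type, source IP, target account)
SAMPLE_EVENTS = [
    ("2024-06-01T02:00:00", 4625, 3, "203.0.113.7", "administrator"),
    ("2024-06-01T02:00:10", 4625, 3, "203.0.113.7", "admin"),
    ("2024-06-01T02:00:20", 4625, 3, "203.0.113.7", "test"),
    ("2024-06-01T02:00:30", 4625, 3, "203.0.113.7", "backup"),
    ("2024-06-01T02:00:40", 4625, 3, "203.0.113.7", "svc_scan"),
    ("2024-06-01T02:00:50", 4625, 3, "203.0.113.7", "backup"),
    ("2024-06-01T02:01:05", 4624, 10, "203.0.113.7", "backup"),
    # An ordinary user mistyping a password twice, then logging in.
    ("2024-06-01T09:15:00", 4625, 10, "198.51.100.20", "j.tan"),
    ("2024-06-01T09:15:20", 4625, 10, "198.51.100.20", "j.tan"),
    ("2024-06-01T09:15:45", 4624, 10, "198.51.100.20", "j.tan"),
]

# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication,
# failed RDP logons are commonly recorded as type 3 (Network) instead.
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # source IP -> failure times still inside the window
    users = defaultdict(set)     # source IP -> account names that were tried
    findings = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            users[ip].add(user)
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in findings:
                findings[ip] = {"first_alert": ts, "users": users[ip],
                                "success_after": None}
        elif event_id == 4624 and ip in findings:
            # A success after a burst suggests a guessed password: top priority.
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = (ts, user)
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A finding with `success_after` set warrants immediate investigation of the named account and host; many distinct account names from one address points to password guessing rather than a user's typo.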
Learn more at www.kaspersky.com.