While the world has been pushed into remote working situations more and more with the COVID-19 pandemic, it has unfortunately opened up opportunities for cybercriminals to exploit a well-known remote desktop protocol (RDP), which is used to access corporate resources remotely.
According to data presented by the Atlas VPN research team, RDP attacks rocketed by 241% in 2020. In 2019, RDP attacks stood at 969 million, but in the year 2020, threat actors carried out a staggering 3.3 billion attacks.
This data is provided by Kaspersky, one of the biggest antivirus companies globally that protects more than 400 million users and 250,000 corporate clients.
Data reveals that RDP attacks have been steadily increasing since the start of 2019, but the pandemic accelerated the growth dramatically, which led to 3.3 billion cyber attacks from January to November 2020.
A deeper dive into the data reveals that in 2019, hackers carried out an average of 88,180,802 attacks per month. However, in 2020, the average number of RDP attacks per month soared to 302,020,526.
Moreover, in 2019, threat actors executed most attacks in September, at 160,234,416. Yet, in November 2020, hackers pulled off 409,155,016 RDP cyberattacks, representing a 155% increase when comparing the maximum number of attacks per month in 2019 and 2020.
So, how do cybercriminals do this?
Most RDP cyberattacks are brute-force attacks: cybercriminals try credential combinations until they find one that gives them access to the targeted company computer.
It is worth noting that they are not using random username and password combinations. Hackers have millions of username and password combinations that were leaked from other businesses.
As a matter of fact, Atlas VPN recently reported that there were 37 billion data records leaked in 2020, a growth of 140% year-over-year, meaning there is no shortage of credentials that hackers can try.
After stumbling upon the correct combination, a threat actor can move laterally within the organization’s infrastructure until they find what they are looking for, be it financial data, contact information, user data, or any other sensitive information.
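From the defender's side, the pattern described above (many leaked username and password pairs tried from one source, then a hit) is visible in logon records. The following is an added example, not part of the original article: it assumes failed and successful logons have already been exported from the Windows Security log (event IDs 4625 and 4624) into simple tuples, and the sample records, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): (time, event ID, source IP, username).
# 4625 = failed logon, 4624 = successful logon in the Windows Security log.
SAMPLE_EVENTS = [
    ("2020-11-03T02:14:01", 4625, "203.0.113.7", "administrator"),
    ("2020-11-03T02:14:03", 4625, "203.0.113.7", "admin"),
    ("2020-11-03T02:14:06", 4625, "203.0.113.7", "jsmith"),
    ("2020-11-03T02:14:08", 4625, "203.0.113.7", "backup"),
    ("2020-11-03T02:14:11", 4625, "203.0.113.7", "mbrown"),
    ("2020-11-03T02:14:15", 4625, "203.0.113.7", "svc_sql"),
    ("2020-11-03T02:14:19", 4624, "203.0.113.7", "klee"),
    # An employee mistyping a password twice must not raise an alert.
    ("2020-11-03T08:59:40", 4625, "198.51.100.20", "awhite"),
    ("2020-11-03T08:59:52", 4625, "198.51.100.20", "awhite"),
    ("2020-11-03T09:00:05", 4624, "198.51.100.20", "awhite"),
]

def detect_credential_guessing(events, window=timedelta(minutes=5),
                               min_failures=5, min_users=3):
    """Flag source IPs that fail logons for many different usernames in a short window."""
    by_ip = defaultdict(list)
    for ts, event_id, ip, user in events:
        by_ip[ip].append((datetime.fromisoformat(ts), event_id, user.lower()))

    findings = {}
    for ip, rows in by_ip.items():
        recent = []  # failed logons still inside the sliding window
        for when, event_id, user in sorted(rows):
            recent = [(t, u) for t, u in recent if when - t <= window]
            if event_id == 4625:
                recent.append((when, user))
                users = {u for _, u in recent}
                if len(recent) >= min_failures and len(users) >= min_users:
                    hit = findings.setdefault(
                        ip, {"failures": 0, "users": set(), "compromised": None})
                    hit["failures"] = max(hit["failures"], len(recent))
                    hit["users"] |= users
            elif event_id == 4624 and ip in findings and recent:
                # A success on the heels of a flagged burst: one guess worked.
                if findings[ip]["compromised"] is None:
                    findings[ip]["compromised"] = user
    return findings

if __name__ == "__main__":
    for ip, hit in detect_credential_guessing(SAMPLE_EVENTS).items():
        print(ip, hit["failures"], sorted(hit["users"]), hit["compromised"])
```

A finding whose `compromised` field is set is the case to escalate first, since it marks the point where the attacker can start moving laterally.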
Hackers usually have one of two goals in mind when they are carrying out these attacks.
First – they want to steal the data to sell it to an already existing buyer that ordered the attack or they will put it up for sale on the dark web. The targeted information might be intellectual property that gives an organization its competitive edge in the industry, or its customers’ data.
Second – after stealing the data, they will contact the company demanding a ransom payment. If the enterprise agrees to pay, then hackers will hand the data back to the company and promise to hide the fact that the company was compromised, allowing the enterprise to preserve its reputation.
By putting all of this together, we can see the full journey a hacker has to go through to reach his goal – which is usually financial profit. Let’s go over it step-by-step to get a clearer picture.
To start, hackers purchase millions of leaked credentials from their cybercriminal colleagues. Then, they use those username and password combinations to hack into the company’s computer that uses the remote desktop protocol (RDP). Now, they have access to sensitive information that they can use to turn into profit.
Many might know the dangers of data leaks and remote desktop attacks, but here, we wanted to explain how all of this falls into place to benefit the criminal.
While it might seem obvious, there are still some organisations that aren’t protecting themselves from these ever-evolving threats; and protecting your business and brand should be top of mind.
If you or your business is looking for security and a custom software application or software, My Online Presence’s expertise is in creating tailored solutions depending on client requirements. Hosted on top quality servers, My Online Presence’s solutions boast the latest in server hardware, are housed in a state-of-the-art, restricted access data centre offering everything you’d expect from a host service including daily back-ups, UPS and generator power backups, and round-the-clock security. This excellent hosting service will put your mind at ease and allow you to continue to grow your online presence with the knowledge that your data is secure.