Remote desktop protocol attacks surged by 241% in 2020

With the shift to remote work, employees started connecting to corporate resources through Microsoft’s Remote Desktop Protocol (RDP), which allows a Windows machine to be used remotely over the network.
Cybercriminals immediately saw this as an opportunity to break into company systems. Because the work-from-home shift happened almost overnight, it left many improperly configured, and therefore unsafe, RDP servers exposed to the internet.

According to data presented by the Atlas VPN research team, RDP attacks rocketed by 241 percent in 2020. In 2019, RDP attacks stood at 969 million, but in the year 2020, threat actors carried out a staggering 3.3 billion attacks.

This data is provided by Kaspersky, one of the biggest antivirus companies globally that protects more than 400 million users and 250,000 corporate clients.

Data reveals that RDP attacks have been steadily increasing since the start of 2019, but the pandemic accelerated the growth dramatically, which led to 3.3 billion cyber attacks from January to November 2020.

A deeper dive into the data reveals that in 2019, hackers carried out an average of 88,180,802 attacks per month. However, in 2020, the average number of RDP attacks per month soared to 302,020,526.

Moreover, in 2019 the busiest month was September, with 160,234,416 attacks. In November 2020, hackers carried out 409,155,016 RDP attacks, a 155 percent increase when comparing the peak month of 2019 with the peak month of 2020.

Analysis of the RDP attack landscape

Most RDP attacks are brute-force attacks: the attacker tries username and password combinations against the exposed RDP service until one of them lets them log in to the target computer.

It is worth noting that attackers are not trying random username and password combinations. They hold millions of combinations that were leaked from other businesses, and because people reuse passwords across services, those leaked pairs often work against a new target as well.

Atlas VPN recently reported that 37 billion data records were leaked in 2020, a 140 percent year-over-year increase, so there is no shortage of credentials for attackers to try.
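The two patterns described above, a single account hammered with many passwords and a leaked credential list sprayed across many accounts, leave different footprints in the Windows Security log. The following Python is an added example, not part of the Atlas VPN or Kaspersky report: it runs simple detection logic over a constructed, flattened sample of Event ID 4625 (failed logon) and 4624 (successful logon) records with LogonType 10 (RemoteInteractive, i.e. RDP), and escalates when a source that was already flagged eventually logs in. The one-line log format, the thresholds, and the IP addresses (documentation ranges) are assumptions made for the example; real events are EVTX/XML and would need a different parser.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real telemetry: Windows Security events flattened to one
# line each. EventID 4625 = failed logon, 4624 = successful logon; LogonType 10 =
# RemoteInteractive (RDP). Status 0xC000006D = unknown user or bad password,
# 0xC000006A = wrong password for a known account.
SAMPLE_LOG = """\
2020-11-03T08:15:01Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45 Status=0xC000006D
2020-11-03T08:15:04Z EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.45 Status=0xC000006D
2020-11-03T08:15:07Z EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.45 Status=0xC000006D
2020-11-03T08:15:10Z EventID=4625 LogonType=10 TargetUserName=svc_sql IpAddress=203.0.113.45 Status=0xC000006D
2020-11-03T08:15:13Z EventID=4625 LogonType=10 TargetUserName=finance IpAddress=203.0.113.45 Status=0xC000006D
2020-11-03T08:15:40Z EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.45
2020-11-03T08:20:00Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:20:02Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:20:04Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:20:06Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:20:08Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:20:09Z EventID=4625 LogonType=3 TargetUserName=administrator IpAddress=198.51.100.7 Status=0xC000006A
2020-11-03T08:30:00Z EventID=4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10 Status=0xC000006A
2020-11-03T08:30:12Z EventID=4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10 Status=0xC000006A
2020-11-03T08:30:20Z EventID=4624 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event_id>\d+) LogonType=(?P<logon_type>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)(?: Status=\S+)?$"
)

RDP_LOGON_TYPE = 10
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624


def parse_events(text):
    """Parse the flattened log into dicts, dropping lines that don't match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(m["event_id"]),
            "logon_type": int(m["logon_type"]),
            "user": m["user"].lower(),
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])  # the sliding window needs time order
    return events


def detect_rdp_attacks(events, window=timedelta(minutes=5),
                       max_failures=5, max_distinct_users=3):
    """Flag a source IP once when, inside `window`, it fails RDP logons against
    >= max_distinct_users different accounts (credential stuffing / spraying)
    or >= max_failures times overall (brute force). A later successful RDP
    logon from a flagged IP is reported as a likely compromise. Thresholds are
    illustrative assumptions, not tuned values."""
    recent = defaultdict(deque)  # ip -> (ts, user) failures still inside the window
    flagged = {}                 # ip -> reason it was flagged
    alerts = []                  # (ip, reason, ts, user)
    for e in events:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue  # only RDP sessions are in scope for this detector
        ip = e["ip"]
        if e["event_id"] == FAILED_LOGON:
            q = recent[ip]
            q.append((e["ts"], e["user"]))
            while q and e["ts"] - q[0][0] > window:
                q.popleft()  # expire failures older than the window
            if ip in flagged:
                continue  # one flag per source; no alert storm
            distinct_users = {u for _, u in q}
            if len(distinct_users) >= max_distinct_users:
                flagged[ip] = "credential_stuffing"
            elif len(q) >= max_failures:
                flagged[ip] = "brute_force"
            else:
                continue
            alerts.append((ip, flagged[ip], e["ts"], e["user"]))
        elif e["event_id"] == SUCCESSFUL_LOGON and ip in flagged:
            # The attacker found a working pair: escalate immediately.
            alerts.append((ip, "success_after_" + flagged[ip], e["ts"], e["user"]))
    return alerts


def run(text=SAMPLE_LOG):
    return detect_rdp_attacks(parse_events(text))


if __name__ == "__main__":
    for ip, reason, ts, user in run():
        print(f"{ts:%H:%M:%S} {ip:<14} {reason:<34} account={user}")
```

On the sample, 203.0.113.45 is flagged for credential stuffing on its third distinct account and then escalated when jsmith's leaked password works; 198.51.100.7 is flagged for brute force on its fifth failure against administrator; alice's two typos followed by a clean login raise nothing. One practical caveat: on hosts with Network Level Authentication enabled, failed RDP attempts are commonly recorded with LogonType 3 rather than 10, so a production rule has to widen that filter or it will miss most of the noise this article is about.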

After stumbling upon the correct combination, a threat actor can move laterally within the organization’s infrastructure until they find what they are looking for, be it financial data, contact information, user data, or any other sensitive information.

Hackers usually have one of two goals in mind when they are carrying out these attacks.

First – they want to steal the data to sell it, either to an existing buyer that ordered the attack or on the dark web. The targeted information might be intellectual property that gives an organization its competitive edge in the industry, or its customers’ data.

Second – after stealing the data, they contact the company demanding a ransom payment. If the enterprise agrees to pay, the hackers return the data and promise to keep the compromise quiet, allowing the enterprise to preserve its reputation.

Putting all of this together, we can see the full journey a hacker goes through to reach their goal, which is usually financial profit. Let’s go over it step by step to get a clearer picture.

To start, hackers purchase millions of leaked credentials from their cybercriminal colleagues. Then, they try those username and password combinations against company computers that are reachable over the remote desktop protocol (RDP) until one of them works. Now, they have access to sensitive information that they can turn into profit.
