Despite the decrease, RDP attacks should still be a concern for organisations as they continue to embrace the new reality of hybrid work.
According to Kaspersky telemetry, the number of brute force attacks against Remote Desktop Protocol (RDP) across Africa has significantly decreased in Q2 2022 by 53% compared to the previous quarter. This downward trajectory could be a result of several reasons. This could be due to the RDP vulnerabilities exposed in the first quarter of the year, due to the workforce switching from remote to hybrid work, or due to organisations adopting secure RDP configurations for their remote employees, making it then a less attractive target.
RDP is a popular protocol used by employees to connect to corporate resources, servers and networks remotely. Attacks against RDP are considered some of the most common tactics used by cybercriminals to explore security vulnerabilities and target computers within an organisation’s network. By exploiting insecure or incorrectly configured RDP settings, cybercriminals can log into the system without the victim’s permissions and install ransomware or steal sensitive data.
In the first quarter of 2022, the detections in Africa were at 4,345,883 as compared to the detections in the second quarter which stood at 2,056,076. Despite the decrease, RDP attacks should still be a concern for organisations as they continue to embrace the new reality of hybrid work.
In terms of countries, South Africa saw the highest number of detections in the second quarter of 2022 at 1,400,337 even at a 41% decrease from the previous quarter, followed by Kenya at 566,666 detections and at a 66% decrease and Nigeria with 89,073 detections at a 17% decrease.
“Remote working comes with security risks and threats and hybrid working is no exception. The fact that employees can access company network anytime from anywhere across devices is a trend to be adopted and adapted to with caution. No doubt companies are trying hard to ensure employees are well-connected to work more collaboratively, and have access to data to meet business needs, but strong and strict security measures need to be in place to avoid any slip-ups. Incorrect RDP setting, weak passwords, or use of public WI-FI can result in serious setbacks,” said Maher Yamout, Senior Security Researcher at Kaspersky.
To keep your company safe from brute force RDP attacks, Kaspersky experts recommend:
- Enable access to RDP through a corporate VPN only
- Enable the use of Network Level Authentication (NLA) when connecting remotely.
- If possible, enable multi-factor authentication
- Use corporate security solution empowered with network threat protection such as Kaspersky Endpoint Security for Business
- Organisations can use the Kaspersky Automated Security Awareness Platform, which builds concrete cyber-hygiene skills and practices