Work-from-home computers in the Philippines are now primary targets of cybercriminals, with almost 5 Million attacks, up 98.41 percent in the first half of 2021 versus the same period in 2020, according to the latest Kaspersky report.
In the first half of last year, Kaspersky recorded just half the number of similar attacks, totaling 2,458,364.
But from January to June 2021, the cybersecurity firm recorded a total of 4,877,645 brute-force attacks on local users of Microsoft’s Remote Desktop Protocol (RDP).
RDP is a Microsoft proprietary protocol enabling employees to access their desktops from home or at different sites through a web browser.
A brute-force attack is a way to guess a password or encryption key by systematically trying all possible combinations of characters until the correct one is found.
The RDP is Microsoft’s proprietary protocol used to control servers and remotely connect to other computers running Windows.
A protocol is a set of rules or procedures for transmitting data between computers through a network.
A brute-force RDP attack targets a device running Windows and finds a valid RDP login or password pair.
If successful, it allows an attacker to gain remote access to the targeted host computer.
Probem is, in the Philippines, most desktops are installed with Microsoft operating systems (OS).
Employees working remotely while Metro Manila and other key provincial cities were put into on and off lockdowns since the pandemic began relied heavily on these devices.
As early as March 2020, Kaspersky researchers observed attacks against corporate resources skyrocketed when employees resorted to remote work.
“The hurried mass transition to home working has given cyber attackers this logical conclusion that poorly configured RDP servers would surge and then we saw the number of attacks shoot up tremendously," confirmed Yeo Siang Tiong, Kaspersky General Manager for Southeast Asia.
"Now that remote work is the next step as the future of business evolves, attacks on remote-access infrastructure, including collaboration tools, are unlikely to stop any time soon," he warned.
Companies whose workforce are using RDP should take protective measures for their remote staff.
Aside from using strong passwords, they should make RDP available only through a corporate virtual private network (VPN).
They should also use Network Level Authentication (NLA) enable two-factor authentication, if possible, disable RDP if not using it and close port 3389.