Remote desktop attacks drop in PH, SEA -- report


Bruteforce attacks against remote workers in the Philippines and in the rest of Southeast Asia (SEA) declined after the pandemic, but businesses cannot afford to be complacent, warned global cybersecurity firm Kaspersky.

To victimize enterprises, cybercriminals exploit Microsoft’s proprietary Remote Desktop Protocol (RDP), which provides users with a graphical interface to connect to another computer through a network.

Both system administrators and less-technical people use RDP to control servers and other PCs remotely.

A Bruteforce attack is a method for guessing a password or an encryption key that involves systematically trying all possible combinations of characters until a correct one is found. A successful attack allows a cybercriminal to gain remote access to the targeted host computer.

Last year, Kaspersky blocked a total of 2,409,085 Bruteforce attacks against companies in the Philippines. This represents a 54.7 percent dip from 2021’s 5,318,482 attacks.

Overall, Kaspersky blocked a total of 75,855,129 Bruteforce.Generic.RDP incidents targeting companies in SEA in 2022.

Last year’s total was 49 percent lower than 2021’s 149,003,835 Bruteforce attacks. The decline in quantity was observed across all six countries in SEA.

“From almost 150 million Bruteforce attacks against companies here in 2021, last year witnessed just half of them. It’s a good sign at first glance,” says Yeo Siang Tiong, Kaspersky General Manager for Southeast Asia.

“In part, this was influenced by shifting to either a pure face-to-face or a hybrid remote environment, which means there are fewer remote workers in the region as compared to the peak of the pandemic in 2022 and 2021,” he explained.

“It is, however, too early for businesses to proclaim total safety from Bruteforce attacks,” the GM warned.

“Looking at the wider threat landscape, our experts see more modern ransomware groups exploiting RDP to gain initial access to the enterprise they are targeting. It’s a red flag that security teams should pay close attention to,” Yeo underscored.

For ransomware groups, exploiting external remote services is the most common technique for gaining initial access.

A best practice for protecting against RDP-related attacks is to "hide" it behind a Virtual Private Network (VPN) and properly configure it. It is also very important to use strong passwords.

Deploying a comprehensive defensive concept that equips, informs and guides security teams to fight sophisticated and targeted cyberattacks also reduces the risk of attacks.