Cyberattacks on remote work in Southeast Asia decreased by 49% in 2022

DNHN - Kaspersky recently reported a decline in attacks against remote workers in Southeast Asia. However, the threat posed by ransomware is growing.


In Southeast Asia, Kaspersky successfully detected and prevented nearly 76 million remote desktop protocol (RDP) attacks in 2022, a decrease of 49% from 2021. This is positive news. However, users should also be aware of the regional network security situation.

Remote Desktop Protocol (RDP) is a Microsoft-proprietary protocol that allows users to connect to another computer over a network. System administrators and non-technical users use RDP extensively to remotely control servers and other personal computers.

Vietnamese, Indonesian, and Thai businesses were the primary targets. Because system administrators and non-technical users frequently connect to and control servers and other computers remotely, a successful attacker gains remote access to the server through the employee accounts of these businesses.

According to Kaspersky statistics, approximately 76 million Bruteforce Generic RDP attacks were prevented in Southeast Asia in 2022. The total number of attacks decreased by roughly half in 2022 compared to 2021, a period when countries in the region continued to implement social distancing campaigns.

A Bruteforce Generic RDP attack attempts to discover valid RDP credentials by trying every possible combination until the correct password is discovered. After a successful attack, the attacker will have remote access to the server being attacked.

In Vietnam, 31.5 million Bruteforce Generic RDP attacks were prevented in the past year, the most among the six countries surveyed. However, the number of attacks against remote workers in Vietnam has sharply declined, with only half of the 59 million cases recorded in 2021.

Yeo Siang Tiong, the General Manager of Kaspersky Southeast Asia, elaborates: "By 2022, the number of Bruteforce attacks against businesses in the region has decreased by half, from nearly 150 million in 2021. At first glance, this appears to be a positive indicator, as the transition to pure face-to-face or hybrid remote work means that fewer employees in the region are working remotely than during the height of the pandemic. In contrast, a growing number of ransomware groups are leveraging RDP to gain initial access to businesses, according to our experts' assessment of the threat landscape as a whole. The security team should be vigilant."

A recent Kaspersky report reveals that exploiting external services is the most common method for ransomware groups to gain initial access. All eight ransomware groups mentioned in the report (Conti, Pysa, Clop (TA505), Hive, RagnarLocker, Lockbit, BlackByte, and BlackCat) primarily operate as ransomware as a service.

These groups gain access to the victim's network using valid accounts, stolen credentials, or brute force. The report also indicates that all ransomware groups used open RDP to gain initial system access because it was the simplest method.

To reduce the risk and impact of ransomware attacks caused by RDP Bruteforce, this expert recommends that businesses implement a new concept known as "comprehensive defense" against organized and focused network attacks.

Therefore, the most effective way to protect the system from RDP-related attacks is to "hide" it behind a VPN and configure it correctly. Using strong passwords is also crucial for protecting users against RDP threats.
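The brute-force pattern described above (a burst of failed RDP logons from one source, possibly followed by a valid one) can be spotted in Windows logon events. The following is an added example, not code from Kaspersky or the original article; the event records are constructed, and the field names, threshold and time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records; the field names are assumptions modelled on the
# Windows Security log: Event ID 4625 = failed logon, 4624 = successful logon,
# LogonType 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA).
def _ev(sec, event_id, ip, user, logon_type=10):
    return {"time": datetime(2022, 6, 1, 3, 0, 0) + timedelta(seconds=sec),
            "event_id": event_id, "ip": ip, "user": user,
            "logon_type": logon_type}

SAMPLE_EVENTS = (
    [_ev(i * 2, 4625, "203.0.113.7", f"user{i % 4}") for i in range(12)]
    + [_ev(30, 4624, "203.0.113.7", "user1")]         # success after the burst
    + [_ev(5, 4625, "198.51.100.20", "alice"),        # one typo, then success
       _ev(15, 4624, "198.51.100.20", "alice")]
    + [_ev(40, 4625, "192.0.2.9", "svc", logon_type=2)]  # console logon, ignored
)

RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for sources with at least `threshold`
    failed RDP logons inside a sliding window, noting a later success."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = recent[ip]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:   # drop failures older than window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "compromised": None})
                f["failures"] = max(f["failures"], len(q))
        elif ev["event_id"] == 4624 and ip in findings:
            # A valid logon from an already flagged source: likely compromise.
            if findings[ip]["compromised"] is None:
                findings[ip]["compromised"] = ev["user"]
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A source that is flagged and then logs on successfully warrants an immediate credential reset and session review for the account reported in `compromised`.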

Thu Phuong (t/h)
