Cybercriminals have relentlessly exploited remote and hybrid environments to target enterprises in Southeast Asia, according to the global cybersecurity and digital privacy company Kaspersky.
Kaspersky said it foiled over 47 million remote desktop protocol (RDP) attacks in the first six months of 2022 in the region where hybrid and remote work continues to be the norm.
The number of Bruteforce.Generic.RDP targeting remote workers totalled over 47.8 million incidents.
On average, Kaspersky solutions blocked 265,567 brute-force attacks in the region daily.
It secured most users in Viet Nam, Indonesia and Thailand from this type of threat, it said.
RDP is Microsoft’s proprietary protocol, which provides a user with a graphic interface to connect to another computer through a network. It is widely used by both system administrators and less technical users to control servers and other personal computers remotely.
A Bruteforce.Generic.RDP attack attempts to find a valid RDP login/password pair by systematically checking all possible passwords until the correct one is found. A successful Bruteforce.Generic.RDP attack allows an attacker to gain remote access to the targeted host computer.
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, said: “Naturally, working from home or anywhere out of the office requires employees to log in to corporate resources remotely from their personal devices. One of the most common tools used for this purpose is RDP.
“Microsoft 365 is still the preferred software used by enterprises and Southeast Asia boasts of more than 680 million people, half of whom are under 30 and highly tech-savvy. So we see the use of this protocol continuing as remote working remains the norm and expect that malicious actors will continue their chase to compromise companies and organisations here through brute-force attacks.”
Brute-force attacks on RDP are not new, but never before have so many employees used these protocols, which is the likely reason why they continue to be the primary focus for attackers in Southeast Asia, it said.
While corporate and perimeter security remains important, the recent mass transition to remote or hybrid work has shown all too clearly that even the best corporate security cannot compensate for lack of user awareness, it said.
With 60 per cent of companies allowing employees to use their own devices for work, businesses must train their staff in cybersecurity best practices so that they are aware of the risks and understand how to work securely with corporate resources, it added. — VNS