Work-from-home setup fuelling cyber attacks

CEBU, Philippines — As work-from-home arrangement continues, cyber attacks also rises in the Philippines.

 Kaspersky’s latest survey covering the first half of 2021, almost 5 million attacks were discovered, which targeted work-from-home computers in the Philippines.

 Based on Kaspersky’s telemetry, brute-force attacks versus Remote Desktop Protocol (RDP) among its users in the Philippines showed an increase of 98.41 percent in the first half of 2021 compared to the same period in 2020.

From January to June 2021, a total of 4,877,645 attempted attacks against users of Kaspersky solutions in the country with Microsoft’s RDP installed in their desktops were recorded. This is in contrast to 2,458,364 attacks from January to June last year.

A brute-force attack is a way to guess a password or encryption key by systematically trying all possible combinations of characters until the correct one is found. The RDP is Microsoft’s proprietary protocol (set of rules or procedures for transmitting data between computers through a network) used to control servers and remotely connect to other computers running Windows.

A brute-force RDP attack targets a device running Windows (definitely using RDP) and tries to find a valid RDP login or password pair. If successful, it allows an attacker to gain remote access to the targeted host computer.

 In the Philippines, the majority of desktops are installed with Microsoft OS and these have been the devices heavily relied upon by employees working remotely while Metro Manila and other key provincial cities were put into on and off lockdowns since the pandemic began.

 As early as March 2020, Kaspersky researchers have observed a skyrocketing increase in cybercriminal activity, particularly attacks against corporate resources when remote work was hastily pushed among employees worldwide. 

 “The hurried mass transition to home working has given cyber attackers this logical conclusion that poorly configured RDP servers would surge and then we saw the number of attacks shoot up tremendously. Now that remote work is projected to be the next step as the future of business evolves, it would be to every company’s advantage to pay attention to establishing and improving their cybersecurity policies. Attacks on remote-access infrastructure, including collaboration tools, are unlikely to stop any time soon so we call on businesses and employees to look into securing their work-from-home set-up better,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

Companies whose workforce are using RDP are strongly urged to help their remote staff work safe by taking possible protective measures such as: Use strong passwords;  Make RDP available only through a corporate VPN; Use Network Level Authentication (NLA); Enable two-factor authentication, if possible; Disable RDP if not using it and close port 3389; Use a reliable security solution.

Going close to two years into the pandemic, home computers used for remote work are still below corporate cybersecurity standards and Kaspersky shares a few more tips for companies to seriously consider:  Give employees training in the basics of digital security;

Use different strong passwords to access different corporate resources; Update all software on employee devices to the latest version; Use encryption on devices for work purposes where possible; Make backup copies of critical data; Install security solutions on all employee devices, as well as solutions for tracking equipment in case of loss.