With the normalization of remote- and hybrid- working, cyber hygiene enhancement and training will need to become a fixture as well
In the first half of 2022, one cybersecurity firm had blocked 265,567 brute-force attacks daily in their South-east Asia (SEA) customer ecosystem, culminating in 47m Remote Desktop Protocol (RDP) attacks here.
These statistics are based on detection verdicts of Kaspersky products received from users that had consented to provide statistical data. In this case, the firm secured the largest groups of users from RDP attacks in Vietnam, Indonesia, and Thailand.
Cybercriminals typically use a Bruteforce.Generic.RDP attack to find a valid login/password combination to gain entry into a targeted corporate network. With the rapid rise in, and normalization of remote-working in the region, the increased use of RDP (a proprietary protocol from Microsoft) has resulted in expanded attack surfaces.
With many firms allowing employees to use their own devices for work, the cyber risks are even higher. According to Yeo Siang Tiong, General Manager (SEA), Kaspersky: “SEA (comprises) more than 680m people, half of which are under 30 and are very tech-savvy. So we see the use of this protocol to continue, and expect that malicious actors will continue their chase to compromise companies and organizations here through brute-force attacks.”
Yeo emphasized the need for heightening corporate and perimeter security and ensuring that all employees are trained in cyber awareness regularly. Also, cyber hygiene training must be accompanied by changes in IT administration to provide additional support to remote teams and apply security system updates promptly.
“Since not all machines are located in the office and hence not connected to the corporate network, adjustments need to be made to ensure endpoints stay secure and corporate resources are protected. Fortunately, staying protected against an evolving set of cyber risks does not require any high-tech or advanced programming skills. It just requires a little knowledge of basic cyber safety rules,” Yeo added.