Attempts to crack credentials continue to assault businesses in Southeast Asia

December 27, 2024 - 17:00
Global cybersecurity company Kaspersky reports blocking more than 23 million brute-force attacks targeting businesses in Southeast Asia (SEA) during the first six months of 2024.

A brute-force attack is a method employed by cybercriminals to guess login information, encryption keys, or find hidden web pages by systematically attempting all possible character combinations until they find the correct one. Successful brute-force attacks allow attackers to obtain personal data, plant and spread malware, and even hijack systems for malicious activities.

A total of 23,491,775 BruteForce.Generic.RDP attacks were detected and foiled by Kaspersky B2B products installed in companies of various sizes in the region between January and June 2024.

Remote Desktop Protocol (RDP) is Microsoft’s proprietary protocol that provides a user with a graphical interface to connect to another computer through a network. RDP is widely used by both system administrators and less-technical users to control servers and other PCs remotely.

A BruteForce.Generic.RDP attack attempts to find a valid RDP login/password pair by systematically checking all possible passwords until the correct one is found. When successful, this allows an attacker to gain remote access to the targeted host computer.

Vietnam, Indonesia, and Thailand registered the highest number of RDP attacks in the first half of the year, with over 8.4 million, 5.7 million, and 4.2 million attacks, respectively. Meanwhile, Singapore experienced over 1.7 million incidents, the Philippines recorded over 2.2 million, and Malaysia had the lowest number, just over 1 million brute-force attacks.

“Although it is an old method, organisations must not underestimate a brute-force attack. This threat is still relevant for the region because many organisations deploy weak passwords, making it easier for attackers to succeed. Additionally, the absence of multi-factor authentication (MFA) on RDP connections and misconfigured RDP settings further increase the likelihood of a successful attack,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“Cybercriminals are leveraging artificial intelligence to enhance the capabilities of brute-force attacks by automating the process of generating and testing passwords, making it faster and more efficient. The implications of a corporate network breach are severe. Organisations can suffer data breaches, face operational disruptions, and incur significant financial costs due to business downtime, recovery efforts, and regulatory fines,” adds Yeo.

To protect your organisation, ensure the following measures are taken:

1.      Use strong and unique passwords: Do not reuse passwords across multiple websites, social media accounts, or financial accounts. Consider using a password manager to help generate and manage strong, unique passwords.

2.      Implement two-factor authentication (2FA): Consider using tools such as an authenticator app for added security.

3.      Avoid exposing remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless absolutely necessary: Always use strong passwords, two-factor authentication, and firewall rules to protect these services.

4.      Monitor access and activity: Have visibility over the network to spot unusual activity, and control user access on an as-needed, as-required basis to minimise the risks of unauthorised access and data leaks.

5.      Set up a Security Operations Centre (SOC): Use an SIEM (Security Information and Event Management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analysing information security incidents. Consider solutions like Kaspersky NextXDR Expert, a robust cybersecurity solution that defends against sophisticated cyber threats.

6.      Leverage Threat Intelligence: Use the latest threat intelligence to gain in-depth visibility into cyber threats targeting your organisation. This will provide your InfoSec team with comprehensive, up-to-date information about potential malicious actors and their tactics, techniques, and procedures (TTPs).

7.      Outsource IT security if needed: If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialised skills required for expert-level detection and response, consider subscribing to a managed service like Kaspersky MDR. This can instantly enhance your security capabilities and allow you to focus on building in-house expertise.

8.      Protect small businesses: For very small businesses, use solutions designed to help manage cybersecurity without the need for an in-house IT administrator. Kaspersky Small Office Security provides "install and forget" protection, offering hands-off security while saving on the budget, which is crucial, especially during the early stages of business development.
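As an illustration of measure 4 applied to the RDP password guessing described above, the following added example (not from Kaspersky or the original article) flags any source address that produces many failed RDP logons in a short window and notes when a successful logon follows. It assumes Windows Security log events 4625 (failed logon) and 4624 (successful logon) exported as tuples; the threshold, window, addresses and account names are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = "4625", "4624"   # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {"3", "10"}      # 10 = RemoteInteractive, 3 = Network (RDP with NLA)

def constructed_sample():
    """Constructed events, not real telemetry: one guessing source, one user typo."""
    t0 = datetime(2024, 6, 1, 2, 0, 0)
    names = ["administrator", "admin", "backup", "svc_sql"]
    events = [(t0 + timedelta(seconds=5 * i), FAILED, "3", "203.0.113.7", names[i % 4])
              for i in range(12)]
    events += [
        (t0 + timedelta(seconds=65), SUCCESS, "10", "203.0.113.7", "backup"),
        (t0 + timedelta(seconds=10), FAILED, "10", "10.0.0.5", "alice"),
        (t0 + timedelta(seconds=40), SUCCESS, "10", "10.0.0.5", "alice"),
    ]
    return sorted(events, key=lambda e: e[0])

def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=1)):
    """Return {source_ip: alert} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)    # source_ip -> failure timestamps still inside window
    tried = defaultdict(set)       # source_ip -> account names seen in failures
    alerts = {}
    for ts, event_id, logon_type, ip, account in events:
        if logon_type not in RDP_LOGON_TYPES:
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()     # expire failures older than the window
        if event_id == FAILED:
            failures.append(ts)
            tried[ip].add(account)
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ts, "accounts_tried": tried[ip],
                              "success_after": None}
        elif event_id == SUCCESS and ip in alerts and alerts[ip]["success_after"] is None:
            # A logon from a source already flagged is the case to escalate first.
            alerts[ip]["success_after"] = account
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(constructed_sample()).items():
        print(ip, alert["first_alert"].isoformat(), sorted(alert["accounts_tried"]),
              "success:", alert["success_after"])
```

The single mistyped password from 10.0.0.5 stays below the threshold, while the source that cycles through several account names is flagged and its later successful logon is recorded for escalation.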
