0

At a time when hybrid working is normalised, many companies have taken to using the Remote Desktop Protocol (RDP) that enables computers on the same corporate network to be linked together and accessed remotely even when employees are at home. However, this has given cybercriminals another attack vector to penetrate networks, compromise systems, and steal data.

RELATED: Kaspersky discovers highly active APT campaign targeting cryptocurrency industry

Globally, this threat is a significant cause for concern. For example, according to Kaspersky research conducted on small and medium-sized businesses, in the first trimester of 2021 there were approximately 47.5 million RDP attacks in the US, whereas this year the number had risen to 51 million. Closer to home, RDP attacks experienced a decline in South Africa and Kenya, but Nigeria had an 89% increase for the first four months of 2022 when compared to the same period last year.

“In today’s connected environment, a major challenge is the increasing number of people relying on remote-access tools. In the move to rapidly enable work from home with the onset of the pandemic two years ago, many companies across Africa and the world rushed to implement RDP which resulted in misconfigured systems that are still being exploited by cybercriminals,” says James Gumede, SADC Territory Account Manager at Kaspersky.

From large corporates to SMEs, businesses have embraced remote working as part of the new operating environment. But this means that their security measures must evolve to reflect the complexities associated with remote access setups. It comes down to every person who accesses the company network needing to follow best practice and understanding the tactics that cyber criminals will use to compromise their personal and business devices and networks.

“Working from home is a wonderful way for companies to save on infrastructure costs. For employees, it means spending less time in traffic and more time working and with family. But this does come with significant risk given the global proliferation of RDP attacks. While still critical, traditional anti-virus and firewall solutions are not adequate to protect against these advanced threats.

“Even though South Africa and Kenya might have experienced a decline in these attacks, this will likely change as more people rely on hybrid work leaving many potential weak points in the corporate network. Furthermore, these RDP attacks can be targeted to focus on high-value individuals in the company such as the C-suite. Compromising their system provides additional opportunities to spoof emails to the rest of the company, customers, and suppliers,” adds Gumede.

Even if corporate security policies can manage updating every work computer’s operating system and all other settings, people’s home routers will remain outside the company’s control. IT teams will not know if these devices that connect to the network have the latest firmware installed or are password-protected to avoid compromise. This makes it an easy avenue for RDP attacks to take hold.

ADVERTISEMENT

For businesses to protect themselves from RDP compromises, Kaspersky recommends:

  • Providing staff with basic cybersecurity hygiene training as many targeted attacks start with phishing or other social engineering techniques.
  • Enable access to the company network through a corporate VPN and, if possible, enable multi-factor authentication to stay protected from RDP attacks.
  • Using a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails.
  • Taking key data protection measures. Always safeguard corporate data and devices by using password protection, encrypting work devices, and ensuring data is backed up. Keeping work devices physically safe. Do not leave them unattended in public, always lock them and use strong passwords and encryption software.

More in News

You may also like