Kaspersky thwarts 61m Bruteforce attacks on firms in 2023
More than 61 million Bruteforce attacks targeting businesses in Southeast Asia (SEA) were detected and thwarted by Kaspersky in 2023.
A Bruteforce attack is a cyber-attack strategy in which the attacker systematically tries all possible character combinations until the correct password or encryption key is found. A well-executed Bruteforce attack allows the attacker to obtain valid user credentials.
The attack method, specifically termed Bruteforce.Generic.RDP.*, targets Microsoft's proprietary Remote Desktop Protocol (RDP). RDP enables users to connect to other computers via a network and is widely used by system administrators and less-technical users for remote control of servers and PCs.
The Bruteforce.Generic.RDP.* attack involves attempting to discover a valid RDP login-password combination by systematically checking all possible passwords until the correct one is found. A successful attack allows the perpetrator to gain remote access to the targeted host computer.
Indonesia, Vietnam, and Thailand witnessed the highest number of RDP attacks in 2023, with Vietnam registering the majority with over 25 million attempts. Singapore had over six million incidents, followed by the Philippines with almost five million, and, the least impacted, Malaysia had close to three million Bruteforce attempts.
Adrian Hia, the Asian Pacific Managing Director at Kaspersky, commented on the issue: "Bruteforce attack is not a threat companies should ignore." He highlighted the risks posed by "the use of third-party services for data exchange, employees working on home computers, potentially insecure Wi-Fi networks, and the use of remote-access tools like RDP".
Hia stressed the importance of businesses in the region strengthening their endpoint and network security posture to defend themselves against increasingly smart AI-based Bruteforce attacks. He added, "We cannot discount that artificial intelligence modules and algorithms can be used to break corporate log-in and password pairs faster. And once threat actors gain remote access to your corporate computers, the possibility of financial and even reputational damage they can do becomes endless."
The managing director recommended that organisations adopt stringent protection measures if they use RDP in their work. These include using robust passwords, allowing RDP access only through a corporate VPN, utilising Network Level Authentication (NLA), enabling two-factor authentication if feasible, and disabling RDP and closing port 3389 if RDP is not in use.
Additionally, Kaspersky encourages companies to go a step further in securing their perimeters. It offers an integrated software solution, the Kaspersky Unified Monitoring and Analysis Platform (KUMA), which possesses event monitoring and management capabilities. KUMA functions as a log management system and a full-fledged Security Information and Event Management (SIEM) system.
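The kind of correlation a log management or SIEM system can apply to the RDP password-guessing described above, as an added example that is not Kaspersky's or KUMA's detection logic. The event records, IP addresses, account names, threshold and window are constructed assumptions; the event IDs and logon types follow the Windows Security log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 4625 = failed logon, 4624 = successful logon (Windows Security log).
# LogonType 10 is RemoteInteractive (RDP); with NLA enabled, failed RDP
# logons are recorded as LogonType 3 (Network), so both are watched.
FAILED, SUCCESS = 4625, 4624
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logons inside a sliding window.

    threshold and window are illustrative values, not vendor guidance."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)      # ip -> account names seen in failures
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == FAILED:
            tried[ip].add(ev["user"])
            q = recent[ip]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:   # drop failures that aged out
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"first_alert": ev["time"], "max_failures": 0,
                                             "users": tried[ip], "success_after": None})
                f["max_failures"] = max(f["max_failures"], len(q))
        elif ev["event_id"] == SUCCESS and ip in findings:
            # A success after a burst of failures is the case to escalate.
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = ev["user"]
    return findings

# Constructed sample events (documentation IP ranges, made-up accounts).
BASE = datetime(2023, 6, 1, 2, 0, 0)
def make_event(offset_s, event_id, ip, user, logon_type=3):
    return {"time": BASE + timedelta(seconds=offset_s), "event_id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}

SAMPLE_EVENTS = (
    [make_event(5 * i, FAILED, "203.0.113.7", u) for i, u in
     enumerate(["admin", "administrator", "backup", "admin", "test", "administrator"])]
    + [make_event(40, SUCCESS, "203.0.113.7", "administrator", 10)]        # burst, then success
    + [make_event(10, FAILED, "198.51.100.20", "alice"),
       make_event(25, SUCCESS, "198.51.100.20", "alice", 10)]              # one typo
    + [make_event(300 * i, FAILED, "192.0.2.9", "bob") for i in range(3)]  # slow, below threshold
)
```

The slow source in the sample stays under the 60-second window, so a rule like this is normally paired with a longer-window count per source.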
The concerning rise in Bruteforce attacks highlights the importance of robust cybersecurity measures and strategies in the increasingly digital corporate landscape.