DeviceLock analysts claim that the number of computers with the Windows operating system in Russia, that are vulnerable to Remote Desktop Protocol (RDP) access attempts, increased by 230%, to 101 thousand during the time of self-isolation.
The company’s founder, Ashot Hovhannisyan, explained that the rapid growth was due to the fact that during the coronavirus pandemic, the number of servers, including those open to the Internet, also grew rapidly.
According to him, most companies allow users to connect via the Remote Desktop Protocol only using VPN technology, while a small percentage of servers are allowed to log in without a password, which is a serious threat to corporate networks.
Alexey Novikov, Director of the Positive Technologies expert center, added that botnets scanning the network for vulnerable computers had new goals when companies started transferring employees to remote work. According to him, the rapid transition to remote work contributed to the fact that the priority was put on the performance of the infrastructure, rather than information security.
Hackers sell company accounts on the Darknet for 300-500 rubles ($4-7). The information obtained can help cyber criminals in stealing the user’s personal data. This way, criminals will be able to get into the Bank account or, for example, to the crypto exchange or e-wallet.
According to Igor Zalevsky, head of the JSOC CERT cyber incident investigation department, the number of attacks has increased with the growth of the number of targets. For example, the number of attempts to select RDP passwords increased from 3-5 times to 9-12. The attacks began to last longer – from two to three hours. According to him, it takes attackers an average of one and a half days to access large companies with a large information security department.