Ransomware groups have exploited the shift to remote work like no other. Ransomware attacks increased by more than 485% in 2020 [1]. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 seconds [2]. Numerous reports from threat hunting companies confirm that the primary attack vector these groups use to infiltrate corporate networks is poorly protected Remote Desktop Protocol (RDP) connections.
RDP allows a user to access and control another computer located elsewhere. Suppose computer 1 wants to establish an RDP connection with computer 2. In this case, computer 1 needs to run the RDP client software, and computer 2 needs to run the RDP server software. Once the connection is established, the user who initiated the RDP connection will be able to access the device they connected to.
Although RDP has been used for a long time, the rush to remote working last year has caused the number of people relying on it to skyrocket. At the start of 2020, in just two months, the number of RDP ports exposed to the Internet increased from three million to four and a half million. Most employees access their corporate devices through RDP from their homes. Network administrators now use RDP more frequently to troubleshoot remote systems. This cascading effect has led to a huge number of RDP ports being left open to the Internet. Attackers take full advantage of this.
What is worrying is that the threat actors do not rely on any sophisticated technique to exploit the open RDP ports. They have great success with brute force attacks.
A brute force attack is a trial-and-error method of compromising user credentials. Security researchers have observed that hackers use different brute force techniques, such as password spray attacks or credential stuffing using RDP credentials that can be purchased on the dark web, to compromise RDP connections.
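The two failure patterns described above can be told apart in failed-logon data. The following is an added example, not code from the original post or from any product it mentions: it groups failed remote logons by source address and flags either many accounts tried from one source (password spray or credential stuffing) or many guesses against one account. The record fields are assumptions modelled on Windows Security event 4625, and the window and thresholds are assumed values to tune per environment.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
SPRAY_USERS = 5                  # assumed: distinct accounts failed from one source
GUESS_FAILURES = 8               # assumed: failures against one account from one source
REMOTE_LOGON_TYPES = {3, 10}     # 4625 LogonType: 3 = Network (NLA), 10 = RemoteInteractive


def classify_sources(events):
    """Map source IP -> finding, from failed-logon records (time, src_ip, user, logon_type)."""
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] in REMOTE_LOGON_TYPES:
            by_src[e["src_ip"]].append((e["time"], e["user"].lower()))
    findings = {}
    for src, failures in by_src.items():
        failures.sort()
        start = 0
        for end in range(len(failures)):
            # Slide the window so it never spans more than WINDOW.
            while failures[end][0] - failures[start][0] > WINDOW:
                start += 1
            per_user = Counter(user for _, user in failures[start:end + 1])
            if len(per_user) >= SPRAY_USERS:
                # Many accounts, few tries each: spray and stuffing look alike in failure logs.
                findings[src] = "spray-or-stuffing"
                break
            if max(per_user.values()) >= GUESS_FAILURES:
                findings[src] = "single-account-guessing"
                break
    return findings


def constructed_sample():
    """Constructed failed-logon records; addresses are documentation ranges."""
    t0 = datetime(2021, 9, 17, 2, 0, 0)
    rows = []
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        rows.append({"time": t0 + timedelta(seconds=20 * i), "src_ip": "203.0.113.7",
                     "user": user, "logon_type": 10})
    for i in range(9):
        rows.append({"time": t0 + timedelta(seconds=5 * i), "src_ip": "198.51.100.23",
                     "user": "Administrator", "logon_type": 3})
    for i in range(3):  # a user mistyping a password over several hours
        rows.append({"time": t0 + timedelta(hours=2 * i), "src_ip": "192.0.2.50",
                     "user": "alice", "logon_type": 10})
    return rows
```

Calling `classify_sources(constructed_sample())` flags the first two sources and leaves the occasional mistyped password from the third unflagged.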
While some basic steps, such as closing unnecessary open RDP ports and periodically reassessing who has access to RDP, slightly reduce an organization’s chances of being compromised, they are not enough. Attackers exploit organizations that struggle to eliminate bad password practices from their users, and improving password security should be an organization’s ongoing priority.
Download our complete guide to brute force attacks to:
Find out how RDP brute force attacks can be used to take control of an organization’s Active Directory infrastructure.
Review a Dharma ransomware case study that reveals key aspects of the highly profitable ransomware technique that infiltrates through RDP brute force attacks.
Find out how strong password security thwarts various types of password attacks.
Find out how to deploy the five defensive strategies against brute force attacks that keep organizations safe.
It is true that today’s cybercriminals are always finding new ways to launch attacks. Businesses cannot afford to let their guard down against simple yet proven techniques like brute force attacks.
[1] Consumer Threat Landscape Report 2020
[2] Prediction by cybersecurity company, Cybersecurity Ventures
The article How Brute Force Attacks Spearhead Ransomware Campaigns first appeared on the ManageEngine blog.
*** This is a Syndicated Security Bloggers Network blog from ManageEngine Blog written by Aangeeras. Read the original post at: https://blogs.manageengine.com/active-directory/adselfservice-plus/2021/09/17/how-brute-force-attacks-are-spearheading-ransomware-campaigns.html