Date: 2023-04-03

Bruteforce attacks—online strikes that take control of corporate resources from unsuspecting employees—against organizations in the Philippines and the greater Southeast Asia region dropped in 2022, according to Kaspersky.

Based on its latest telemetry report, Kaspersky blocked a total of 75.86 million Remote Desktop Protocol (RDP) Bruteforce attacks against remote workers in Southeast Asia in 2022.

This represents a 49-percent dip from the 149 million Bruteforce attacks in 2021.

Closer to home, Kaspersky blocked 2.41 million Bruteforce attacks against companies in the Philippines in 2022, a 54.7-percent decline from 5.32 million attacks the year prior.

“From almost 150 million Bruteforce attacks against companies here in 2021, last year witnessed just half of them. It’s a good sign at first glance. In part, this was influenced by shifting to either a pure face-to-face or a hybrid remote environment, which means there are fewer remote workers in the region as compared to the peak of the pandemic in 2022 and 2021,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

RDP is Microsoft’s proprietary protocol, providing a user with a graphical interface to connect to another computer through a network. RDP is widely used by both system administrators and less-technical users to control servers and other PCs remotely.

RDP bruteforce attacks involve the testing of various usernames and passwords of employees until cybercriminals gain access to corporate resources. RDP is a popular remote desktop protocol used to access workstations or servers.

A successful attack allows an attacker to gain remote access to the targeted host computer.

Despite the decline in attacks, Tiong said companies and organizations should not take this as “a sign to be complacent.”

“It is, however, too early for businesses to proclaim total safety from Bruteforce attacks. Looking at the wider threat landscape, our experts see more modern ransomware groups exploiting RDP to gain initial access to the enterprise they are targeting. It’s a red flag that security teams should pay close attention to,” Yeo said.

A recent Kaspersky report unmasked the most popular techniques for gaining initial access among ransomware groups. Exploiting external remote services came up as the most common for the ransomware groups analyzed.

These ransomware groups were operating as Ransomware as a Service (RaaS) and used valid accounts, stolen credentials or Bruteforcing to get into a victim’s network.

A best practice for protecting against RDP-related attacks is to “hide” it behind a VPN and properly configure it. It is also very important to use strong passwords, Yeo explained.

Kaspersky offers several solutions for these kinds of attacks, including the recently unveiled Kaspersky Extended Detection and Response (XDR) platform.