Cybersecurity is critical. With the shift toward remote work, brute-force attacks are increasingly targeting accounts that use Microsoft’s Remote Desktop Protocol, says NordVPN Teams.
Cybercriminals will try different tactics to capture a user’s login or account credentials. But one popular method is the old, reliable brute-force attack. With this type of attack, a hacker uses any easily-available cracking tool to run through a large number of password combinations until the right one is found.
Brute-force attacks typically are aimed at computers and other devices on networks to capture email addresses, passwords, passphrases, usernames, and PINs. Such attacks exploit weak or otherwise vulnerable passwords that are easy to guess.
The attackers then try to profit from their ill-gotten gains by distributing malware, spamming or phishing unsuspecting victims, or selling the stolen access on the Dark Web. In many cases, obtaining the credentials to an account gives cybercriminals the means to compromise an entire network.
“Unlike many other tactics used by bad actors, brute-force attacks don’t rely on vulnerabilities within websites,” NordVPN Teams CTO Juta Gurinaviciute said in the post. “Instead, they rely on users having weak or guessable credentials. The simplicity and number of potential targets make brute-force attacks very popular. There is little finesse involved in a brute-force attack, so attackers can run several attacks in parallel to increase their chances of success.”
With the shift to remote working due to the coronavirus outbreak and lockdown, cybercriminals have found a more available and tempting target for these attacks. As network and server administrators are forced to sign in to critical systems remotely, their accounts require access to Microsoft’s Remote Desktop Protocol (RDP). But in some cases, the passwords used to secure these accounts may be simple or weak. Once the attacker obtains the password, they can remotely compromise the network and manage multiple Windows systems.
“It comes as no surprise that bad actors now direct brute-force attacks towards individuals,” Gurinaviciute said. “Users working from home don’t have the extra layers of protection provided by their offices or enterprise systems, making them much easier targets. Many users also choose weak passwords, which are relatively easy to compromise using simple brute-force techniques.”
To defend your organization against brute-force attacks, NordVPN Teams offers several pieces of advice.
Look for signs. If someone is repeatedly and unsuccessfully trying to sign into a certain account, that’s often a tipoff of an attempted brute-force attack. Such signs include: Observing the same IP address unsuccessfully trying to log in multiple times; observing many different IP addresses unsuccessfully trying to log in to a single account; and observing multiple unsuccessful login attempts from different IP addresses in a short period of time.
Tighten security. Organizations should improve security by setting up two-factor or multi-factor authentication, putting their website behind a web application firewall (WAF), installing a VPN gateway to secure all RDP connections from outside the network, and encrypting data on devices used for work. Further, companies should find time to train employees on digital security.
Catch an attack in progress. Finding and neutralizing a brute-force attack in progress is your best bet. Once attackers have access to your network, they’re more difficult to catch. After you discover and stop the attack, you can then block or blacklist the IP address to prevent additional attacks from the same source.
“Avoiding brute-force attacks can simply be a matter of changing the company’s online habits, like using stronger passwords and not reusing them, or updating easy-to-guess URLs,” Gurinaviciute said. “Enforcing user locking after a few unsuccessful password attempts may also help to mitigate the attack at an early stage.”