The double-edged sword of secure remote work: Balancing productivity and cybersecurity

  • An increasing number of ransomware groups are utilizing RDP to target and compromise a greater number of businesses.

As society bounces back from the pandemic, some changes, such as remote work, persist. It’s not merely a trend but the future of work for many individuals, even though some enterprises would prefer otherwise. The countless benefits of remote work for individuals range from shortened commute times to improved productivity.

However, organizations have a point in requesting employees return to work in the office as there has been an escalation in security risks. Confidential data is in perpetual motion between business and home settings, as well as cloud platforms and data centers, broadening the scope of potential attack surfaces more than ever before. Therefore, there are many reasons for individuals and businesses to effectively secure remote work.

Interestingly, Kaspersky reports a decline in Bruteforce attacks targeting remote workers in Southeast Asia (SEA), which is positive news, but shouldn’t lead to complacency.

Remote Desktop Protocol (RDP) is Microsoft’s proprietary protocol that gives users a graphical interface for connecting to another computer over a network. System administrators and non-technical users commonly employ it for remote control of servers and other computers.

Bruteforce.Generic.RDP attacks aim to identify valid RDP login/password combinations by systematically testing all potential passwords until the right one is discovered. A successful attack grants the perpetrator remote access to the targeted host computer.
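The pattern described above is visible to defenders in Windows logon events. The following is an added example, not from Kaspersky or the original article: it flags source addresses that produce a burst of failed logons and notes when a success follows. The comma-separated layout, sample records, threshold and window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive,
# type 3 = network logon (how RDP failures are usually recorded under NLA).
SAMPLE = """\
2023-03-01T09:00:01,4625,3,203.0.113.7,administrator
2023-03-01T09:00:03,4625,3,203.0.113.7,admin
2023-03-01T09:00:05,4625,3,203.0.113.7,backup
2023-03-01T09:00:08,4625,3,203.0.113.7,administrator
2023-03-01T09:00:11,4625,3,203.0.113.7,svc_sql
2023-03-01T09:00:15,4624,10,203.0.113.7,backup
2023-03-01T09:10:00,4625,10,198.51.100.20,alice
2023-03-01T11:30:00,4625,10,198.51.100.20,alice
2023-03-01T11:30:40,4624,10,198.51.100.20,alice
"""

def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: finding} for sources that exceed the failure rate."""
    recent = defaultdict(deque)   # source IP -> (time, account) of recent failures
    findings = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, user = line.split(",")
        if logon_type not in ("3", "10"):
            continue              # ignore local, service and batch logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append((when, user))
            while when - q[0][0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(src, {"accounts": set(), "success_after": None})
                f["accounts"].update(u for _, u in q)
        elif event_id == "4624" and src in findings:
            # A success from an already-flagged source: a guess may have worked.
            findings[src]["success_after"] = findings[src]["success_after"] or user
    return findings

if __name__ == "__main__":
    for ip, f in detect(SAMPLE).items():
        print(ip, sorted(f["accounts"]), "success:", f["success_after"])
```

A flagged source with a recorded success is the case to triage first, since it indicates the account's password was likely guessed; the user who mistyped a password twice hours apart is not flagged.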

According to telemetry data from the global cybersecurity company, Kaspersky’s B2B solutions blocked 75,855,129 Bruteforce.Generic.RDP incidents aimed at companies in SEA during the previous year.

The total number of Bruteforce attacks in 2022 fell by 49% compared to 2021’s figure of 149,003,835 incidents. This decrease was noted across all six countries in SEA.

Regarding the distribution of Bruteforce attacks last year, businesses in Vietnam, Indonesia, and Thailand experienced the highest number of incidents.

Source – Kaspersky

Yeo Siang Tiong, Kaspersky’s General Manager for Southeast Asia, stated that while nearly 150 million Bruteforce attacks targeted companies in the region in 2021, the following year saw only half that number.

“It’s a good sign at first glance,” said Yeo. “In part, this was influenced by shifting to either a pure face-to-face or a hybrid remote environment, which means there are fewer remote workers in the region as compared to the peak of the pandemic in 2022 and 2021.”

“It is, however, too early for businesses to proclaim total safety from Bruteforce attacks. Looking at the wider threat landscape, our experts see more modern ransomware groups exploiting RDP to gain initial access to the enterprise they are targeting. It’s a red flag that security teams should pay close attention to,” Yeo adds.

The growing importance of secure remote work

Over 200,000 new ransomware variants are identified daily, translating to 140 new strains per minute that can evade detection and cause significant harm. Ransomware operators do not stop, even when victims pay the requested ransom.

Ransomware actors are motivated to become increasingly inventive in their attacks and demand exorbitant ransoms, as some companies choose to pay the ransom and keep the incident secret. This typically occurs due to fear of negative social consequences.

A recent report from Kaspersky unveiled the most prevalent initial access methods employed by ransomware groups. Exploiting external remote services emerged as the top technique among the analyzed ransomware groups.

In the report, all eight ransomware groups examined, primarily functioning as RaaS (Ransomware as a Service) – Conti, Pysa, Clop (TA505), Hive, Ragnar Locker, Lockbit, BlackByte, and BlackCat – use valid accounts, stolen credentials, or Bruteforcing to infiltrate a victim’s network.

The report also highlights that all ransomware groups utilized open RDP for initial system access, as it is the most straightforward entry point.

This does not imply that employers should eliminate all remote work arrangements. On the contrary, remote work offers benefits like improved work-life balance for employees and reduced facility expenses. However, Kaspersky’s findings emphasize the importance of prioritizing cybersecurity in remote work policies.

A best practice for defending against RDP-related attacks is to place RDP behind a VPN with proper configuration and to use robust passwords.

Kaspersky experts also recommend implementing a comprehensive defensive strategy to minimize the risk and impact of ransomware attacks caused by RDP Bruteforce. This includes equipping, informing, and guiding your team to combat sophisticated, targeted cyberattacks through the Kaspersky Extended Detection and Response (XDR) platform.