
Cybersecurity firm Kaspersky recently noted a significant increase in brute force attacks against those using remote access tools, especially Remote Desktop Protocol (RDP). In the United States alone, RDP attacks (which had averaged 200,000/day in March) shot to 1.4 million daily attempts by early April. Other countries like Spain, Italy, Russia, Germany and France saw similar spikes.

Why the increase? Since the COVID-19 pandemic began, more and more people are switching to work-from-home arrangements. A survey by Slack indicated that by March 27, as many as 16 million US workers had begun working remotely as a result of the virus. With this increase, many are using RDP, which is secured with a username and password, to access company networks from their home offices. However, if your RDP access is not secure, it could put the entire company network at risk. That’s the end game of those behind these brute force attacks.

 

What is a Brute Force Attack?

A brute force attack is when an attacker uses an automated system to methodically try all possible username and password combinations against an account until the correct one is found. These credentials may be pulled from a list of compromised passwords or may be based on a random string of characters.

Brute force attacks vary in complexity and method, but generally speaking, they need time to run in order to be successful. Since time is an important variable, most defense mechanisms against a brute force attack involve making it take longer or not giving it enough time to run.

 

How to Protect Your Network

Since attack methods can vary, there’s no one answer for blocking brute force attacks. Rather, it takes a combination of defenses. Here are some best practices that can help.

  • Have a strong password. This is always going to be step number one, the foundation of your defense. Modern computers can crack an 8-character alphanumeric password (one that has numbers, special characters, and both capital and lowercase letters) in roughly two hours. A longer, more complex password makes a brute force attack take longer, giving you more time to catch and stop an in-progress attempt.
  • Update your password regularly—every 3 to 4 months, at least. Over the last few years, we’ve seen many large corporations suffer data breaches, compromising the personal information and credentials of millions of people. No matter how strong your password is, if you’ve been using it for several years, chances are that this password is on a list somewhere that malicious actors can use for a brute force attack.
  • Update your password in response to an attack. If your systems have just experienced a breach attempt, or you are currently being attacked, change your password. That way, the attacker is back to square one in trying to crack your credentials.
  • Limit log-in attempts. Since brute force attacks involve trying to log in using multiple usernames and passwords, setting your systems to lock out a user after several failed attempts can stop most attacks. However, it’s possible to get around the log-in lockout with some sophisticated code, so having this feature set up doesn’t negate the need for good password hygiene.
  • Use multi-factor authentication (MFA). With MFA, even if an attacker gets your log-in credentials, unless they have access to your phone or another of your devices, they can’t get into your account. Many companies now offer MFA as a standard option, including Office 365, G Suite, WordPress, and more.
  • Use a Virtual Private Network (VPN). If you need to access your company network through RDP, use a VPN to do so. A VPN acts like a tunnel, directly connecting you to another network without allowing prying eyes to see or access the connection.
  • Disable RDP. If you don’t use it, you can disable RDP by closing port 3389. If you need help with this, reach out to us.
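
Limiting log-in attempts and catching an in-progress attempt both come down to counting failed logons per source address inside a time window. The sketch below is an added example, not code from the original article: it assumes events already exported from the Windows Security log as tuples (the tuple layout, function name and sample records are constructed for illustration), using event ID 4625 for failed logons and logon types 3 and 10, which is how failed RDP logons are recorded.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security log values: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is what
# failed RDP logons look like when Network Level Authentication is enabled.
FAILED_LOGON = 4625
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, username).
# Addresses are from the reserved documentation ranges.
T0 = datetime(2020, 4, 6, 9, 0)
SAMPLE_EVENTS = (
    # Six failures in under two minutes, cycling through account names.
    [(T0 + timedelta(seconds=20 * i), 4625, 3, "203.0.113.50", user)
     for i, user in enumerate(
         ["admin", "administrator", "backup", "scanner", "admin", "test"])]
    # One user mistyping a password a few times across the day, then succeeding.
    + [(T0 + timedelta(hours=2 * i), 4625, 10, "198.51.100.7", "jsmith")
       for i in range(4)]
    + [(T0 + timedelta(hours=7), 4624, 10, "198.51.100.7", "jsmith")]
)


def find_bruteforce_sources(events, max_failures=5, window=timedelta(minutes=10)):
    """Return {source_ip: usernames tried} for every source that produced
    at least max_failures failed RDP logons inside any single window."""
    recent = defaultdict(deque)  # source_ip -> failure timestamps still in window
    tried = defaultdict(set)     # source_ip -> usernames seen in failed logons
    flagged = {}
    for ts, event_id, logon_type, ip, user in sorted(events, key=lambda e: e[0]):
        if event_id != FAILED_LOGON or logon_type not in RDP_LOGON_TYPES:
            continue
        failures = recent[ip]
        failures.append(ts)
        tried[ip].add(user)
        # Slide the window: drop failures older than `window` before this one.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            flagged[ip] = sorted(tried[ip])
    return flagged


if __name__ == "__main__":
    for ip, users in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: repeated failed RDP logons, accounts tried: {', '.join(users)}")
```

The time window is what keeps the occasional mistyped password from tripping the alert while a rapid run of failures from one address does; the list of account names tried shows whether one account or many were targeted.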

 

We’ve seen a lot of these brute force attacks recently here at SOCBOX. With our analyst team monitoring your environment 24/7, though, we can spot and move to stop these attacks before they are successful. If you need better cybersecurity for your organization, whether for a work-from-home set-up or when you’re back in the office, give us a call today at 877-284-7789, or email info@socbox.com. We’d love to help!