During isolation, the number of computers on Windows in Russia, is vulnerable to access attempts by the remote desktop Protocol (RDP), grew by 230% to 101 thousand, estimated in DeviceLock. Attacks can protect VPN solutions, but they often contain vulnerabilities, experts warn. Obtained in this method, the accounts in the networks of the companies the hackers then sell on the darknet only 300-500 rubles.— the price effect the highest offer.The number of computers on Windows operating system, potentially vulnerable to access attempts via RDP from the beginning of April to end of may in Russia rose by 230%, totaling 101 thousand, told in DeviceLock. The rapid growth stems from the fact that the background of self-isolation rapidly growing number of servers, including the open Internet, says the founder and technical Director of DeviceLock Oganesyan.According to Mr. Hovhannisyan, most companies allow you to connect Protocol remote desktop only via the VPN (Virtual Private Network, virtual private network), with a small percentage of servers allowed to authenticate without a password, which poses a risk to corporate networks, warns Oganesyan. But in all popular VPN solutions are also present vulnerabilities that can be an additional point of failure for your remote infrastructure, the Director of the expert center Positive Technologies Alexey Novikov.In General, with increasing number of targets for attack became more and cyber incidents, confirms Alexey Novikov. “With increasing amounts of RDP on the perimeter there is a new target for botnet that scans the space,” he explains. In his opinion, the reason for this was the rapid transition to remote work when the first priority for companies was to ensure infrastructure health, and data security issues had a lower priority.The survey, which is conducted by Positive Technologies 7-14 APR among specialists in information security, more than half of the respondents said that pandemic remote access urgently it was necessary to organize from scratch (11%) or urgent scale, as previously it was only implemented for certain employees (41%).During the transition to remote work, many companies choose the easiest way of ensuring access to infrastructure for employees — the remote desktop Protocol, said the head of the Department of investigation of cyber incidents JSOC CERT of Rostelecom Igor Zalewski at the conference “Kommersant” on 28 may. According to him, with increasing number of targets increased and the number of attempts of attacks: if the APR on the average one customer of the company occurred three to five attempts at guessing the password to a remote desktop in the day, then, for example, on may 27, was from 9 to 12 such attempts. KROIU fact, in may such attacks began to last longer: they last from two to four hours without a break, although usually, the attackers tried to pick passwords shorter raids during the day. As a rule, access to a large company with a large staff of Department of information security attackers takes an average of a day and a half, says Igor Zalewski.If attackers infiltrated the server, most often immediately try to create a new account on it, says Mr. Zalewski, encouraging companies to monitor information about the inputs to the server. Such access points to the infrastructure companies are then sold on the darknet at the price from 300 to 500 RUB: such a low price due to the large number of proposals, says the expert. Hackers can monetize the entry point into the organization’s infrastructure by using the encryption and get access to the company, they demand a ransom to decrypt the stolen data. Salvation in such cases, it may be a early copy of the information.Yulia Stepanova
