The number of PCs vulnerable to attacks via remote desktop has increased dramatically


From the beginning of April to the end of May, the number of Windows computers in Russia potentially vulnerable to access attempts over the RDP protocol grew by 230%, reaching 101 thousand, says DeviceLock. The rapid growth is due to the fact that, against the background of self-isolation, the number of servers, including those open to the Internet, also grew rapidly, Kommersant reports, citing DeviceLock founder and technical director Ashot Oganesyan.

According to Oganesyan, most companies allow remote desktop connections only over VPN (Virtual Private Network) technology. But a certain percentage of servers allow authorization without a password, and this poses a significant danger to corporate networks, Oganesyan warns.

Alexey Novikov, director of the Positive Technologies expert center, adds that all popular VPN solutions also have vulnerabilities that can lead to unauthorized access and failure of remote infrastructure. According to him, the rapid transition to remote work meant that the efficiency of the infrastructure was put ahead of information security.

According to a survey of information security specialists conducted by Positive Technologies in mid-April of this year, more than half of respondents noted that, because of the pandemic, remote access had to be urgently organized from scratch (11%) or urgently scaled (41%).

According to Igor Zalevsky, head of the JSOC CERT cyber incident investigation department at Rostelecom, the number of attacks has increased along with the number of targets (RDP among them). For example, the number of attempts to brute-force RDP passwords increased from 3-5 times to 9-12. The attacks themselves began to last longer, from two to three hours. On average, attackers need a day and a half to gain access to large companies with a large IT security department, says Igor Zalevsky. He recommends that companies monitor server logon information and back up their information in advance so that it is not blocked by hacker attacks.