Brute force attacks are increasing
It happens all too often that while working from home the back door is wide open for hackers, you may be doing this without thinking about it, having unnecessary active ports on your computer is a security risk that is sometimes underestimated. That's because an open port can be exposed to brute force attacks.
What are brute force attacks?
In a brute force attack, an attacker tries every possible way to get in. One of the methods hackers use to log into your system is to try endless combinations of usernames and passwords until one of the many combinations works.
Brute force attacks are usually automated, so it doesn't cost the attacker much time or energy. Certainly not so much as individually trying to figure out how to access a remote system. Based on a port number or other system-specific property, the attacker chooses the target and method and then initiates his brute force application. He can then move on to the next target and be notified when one of the systems guesses a correct password for your user account. Want to know more about Brute Force? Click here
Brute forcing RDP ports
To increase its effectiveness, Ransomware attacks are becoming more and more targeted and one of the main attack methods is it Remote Desktop Protocol (RDP). Remote desktop is exactly what the name implies, an option to control a computer system remotely. It almost feels like you're actually sitting in front of that computer. That is exactly what makes an attacker with RDP access so dangerous.
Due to the current pandemic, many people are working from home and then maybe for a while. Working from home has the side effect of opening more RDP ports. Not only to give staff access to company resources from home, but also to enable IT staff to troubleshoot employees' devices. Many companies rely on technical support teams that use RDP to troubleshoot employee systems.
But Ransomware is not the only reason for these types of attacks. Cybercriminals can too Keyloggers or install other spyware on target systems to learn more about the organization they violated. Other possible targets are data theft, espionage or extortion.
Protect against brute force attacks
These are a few ways to protect yourself against Brute-force attacks:
- Limit the number of open ports.
- Restrict access to those who need it.
- Improve port and protocol security.
For the ports that need to be left open and where you expect visitors, it's a good idea to disable outdated usernames, rotate passwords, and 2FA to use, if possible.
Security software that monitors the entire network should ring alarm bells when a large number of attempts are detected. Anything that behaves like a brute force attack looks so different from normal login attempts that it shouldn't be a problem if it gets blocked. When a brute force attacker is locked out for a few minutes after a few failed attempts, it will slow him down a lot and give you plenty of opportunity to take corrective and defensive action.