Database server, Web attacks on the rise during lockdown
Telemetry data from Kaspersky has revealed that brute force attacks on databases and Web attacks have grown by almost a quarter daily in the first trimester of this year, during the period when many were working from home due to COVID-19.
“From an information security standpoint, an employee within the office network and an employee connecting to the same network from home are two completely different users,” the company explained. “It seems cyber criminals share this view, as the number of attacks on servers and remote access tools has increased as their usage has grown, with the average daily number of brute force attacks on database servers in April increasing by 23% from January.”
In addition, Kaspersky says the average number of Web attacks blocked by Kaspersky Web threat detection technologies has increased by 25% since January this year.
The researchers also detected an increase in Trojan-PSW browser script modifications, which are used to steal bank card credentials entered by users on online shopping platforms, and then transferred to threat actors.
“Web sites capable of silently installing cookie files on users’ computers and resources that injected advertising scripts into users’ traffic also accounted for a significant share of the threats,” says Kaspersky.
Denis Parinov a security researcher at Kaspersky, says normally when the company monitors changes in activities of certain threats, it considers it’s far-fetched to associate them with current world events.
“However, this case is different, as users’ behaviour has changed worldwide. Undoubtedly, all changes in activity cannot be fully tied to users staying home with absolute certainly – there are always other unaccounted factors in the equation — but the trend certainly shows that staying home has affected both users and cyber criminals,” he adds.
Kaspersky advises users to follow several steps to protect themselves from Web threats, starting by checking the Web site’s authenticity. When connecting to corporate networks from home, irrespective of the tools used, the company advises to use different, strong passwords for accessing corporate resources. “Also, update all software on all devices to the latest version, where possible use encryption on devices used for work purposes, and make backup copies of critical data.”
For employers who need to use remote desktop protocol (RDP), Kaspersky advises to enable access to RDP through a corporate VPN, and enable the use of network level authentication when connecting remotely. “If possible, enable multifactor authentication, and always use a security solution empowered with network threat protection.”