Researchers spot massive increase in RDP attack attempts

The COVID-19 pandemic continued to influence the cybercrime landscape in 2020, ESET reveals. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol (RDP) attacks, albeit at a slower rate compared to previous quarters.

RDP attack attempts surge

Between Q1 and Q4 2020, telemetry recorded a staggering 768% increase in RDP attack attempts.

“RDP security is not to be underestimated especially due to ransomware, which is commonly deployed through RDP exploits, and, with its increasingly aggressive tactics, poses a great risk to both private and public sectors. As the security of remote work gradually improves, the boom in attacks exploiting RDP is expected to slow down – we already saw some signs of this in Q4,” explains Roman Kováč, Chief Research Officer at ESET.

Increase in COVID-19-themed email threats

Another trend observed in Q4 was an increase in COVID-19-themed email threats, especially related to the end-of-year vaccine rollouts. Vaccinations offered cybercriminals an opportunity to extend their portfolios of lures used, a trend that is expected to continue in 2021.

The featured story of the report recounts the events of October 2020, when ESET took part in a global disruption campaign targeting TrickBot, one of the largest and longest-lived botnets. These coordinated efforts resulted in 94% of TrickBot’s servers taken down in a single week.

“There was a sharp decline in TrickBot’s activities following the disruption operation late last year. We are continuously monitoring the TrickBot botnet, and the level of activity remains very low to this day,” comments Jean-Ian Boutin, Head of Threat Research at ESET.