According to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February.
Hackers select the username and password from an employee's account to log into the corporate infrastructure, explains Kaspersky Lab’s antivirus expert Dmitry Galov.
According to him, such attacks are the simplest. Hackers use, for example, dictionaries of popular passwords or passwords from leaked databases.
Brute force passwords are used on average in 70% of attacks on remote desktops using the RDP protocol.
Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.
"After gaining access, a hacker can, for example, launch an encryption virus into the corporate network to offer the management to buy the decryption code", said Dmitry Galov.
Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch, agreed that less experienced hackers sell data for access to more advanced colleagues. He noted that in recent months, offers of access to corporate infrastructure has grown on the black market from the price of $5-10 to tens of thousands of dollars.
According to the results of the first quarter of 2020, the number of offers for selling access around the world is 69% higher than in the previous quarter. The growth of such attacks in Kaspersky Lab is associated with a hasty transition to remote work: IT-services of companies were more concerned with organizing a remote workstation than with its security.
To protect against attacks, Kaspersky Lab recommends that companies use a corporate VPN and two-factor authentication and that employees set complex passwords.