Due to COVID-19, the number of attacks on ICS via RDP has increased
During the COVID-19 pandemic, the number of cyberattacks against industrial enterprises using brute force attacks on the RDP protocol has increased. This is reported in the report of "Kaspersky Lab" for the first half of 2020.
According to the report, from February to May of this year, the number of cyberattacks on ICS has steadily increased. In February, cyber attacks using brute-force attacks on RDP accounted for 0.16% of all cyber attacks on ICS, and in May this figure increased to 0.33%. In June, the number of such attacks began to gradually decrease, but still remains above average. The rise in attacks on RDP coincides with a rise in the number of organizations that started using RDP during the COVID-19 pandemic.
According to the report, until February 2020, the number of industrial organizations using remote administration tools (RATs) steadily declined and then stabilized. According to experts, this may also be associated with a pandemic, as organizations have a need to provide the ability to remotely access corporate systems.
“In our opinion, the increase in the number of industrial computers that use RDP may indicate that most of the new RDP sessions were authorized by IT and information security services. In fact, other things being equal, it may be easier to configure and control the secure operation of RDP services than any other RAT application. It looks like the permission to install the new RDPs was a compromise, caused by the objective need to remotely perform production tasks in a pandemic, ”the report says.
According to Kaspersky Lab, in the first half of 2020, its products blocked 32.6% of ICS attacks, which is 6.6% less than in the second half of 2019.