At a time when hybrid working is normalised, many companies have taken to using the Remote Desktop Protocol (RDP) that enables computers on the same corporate network to be linked together and accessed remotely even when employees are at home.

However, this has given cybercriminals another attack vector to penetrate networks, compromise systems, and steal data.

Globally, this threat is a significant cause for concern. For example, according to Kaspersky research conducted on small and medium-sized businesses, in the first trimester of 2021 there were approximately 47,5-million RDP attacks in the US, whereas this year the number had risen to 51-million.

Closer to home, RDP attacks experienced a decline in South Africa and Kenya, but Nigeria had an 89% increase for the first four months of 2022 when compared to the same period last year.

“In today’s connected environment, a major challenge is the increasing number of people relying on remote-access tools,” says James Gumede, SADC territory account manager at Kaspersky. “In the move to rapidly enable work from home with the onset of the pandemic two years ago, many companies across Africa and the world rushed to implement RDP which resulted in misconfigured systems that are still being exploited by cybercriminals.”

From large corporates to SMEs, businesses have embraced remote working as part of the new operating environment. But this means that their security measures must evolve to reflect the complexities associated with remote access setups. It comes down to every person who accesses the company network needing to follow best practice and understanding the tactics that cyber criminals will use to compromise their personal and business devices and networks.

“Working from home is a wonderful way for companies to save on infrastructure costs,” says Gumeda. “For employees, it means spending less time in traffic and more time working and with family.

“But this does come with significant risk given the global proliferation of RDP attacks. While still critical, traditional anti-virus and firewall solutions are not adequate to protect against these advanced threats.

“Even though South Africa and Kenya might have experienced a decline in these attacks, this will likely change as more people rely on hybrid work leaving many potential weak points in the corporate network.

“Furthermore, these RDP attacks can be targeted to focus on high-value individuals in the company such as the C-suite. Compromising their system provides additional opportunities to spoof emails to the rest of the company, customers, and suppliers,” he adds.

Even if corporate security policies can manage updating every work computer’s operating system and all other settings, people’s home routers will remain outside the company’s control. IT teams will not know if these devices that connect to the network have the latest firmware installed or are password-protected to avoid compromise. This makes it an easy avenue for RDP attacks to take hold.