Rapid increase in cyber attacks Aim for corporate servers used for telework

Rapid increase in cyber attacks Corporate server used for telework Aim May 23 at 23:30

An analysis by an information security company has revealed that cyber attacks, which seem to have been aimed at the servers of companies used for telework, have increased sharply since last month while the introduction of telework as a countermeasure against the new corona virus is progressing.

According to the analysis of "Kaspersky" of the information security company, there were 223 cyber attacks that attempted unauthorized access by brute force entering IDs and passwords against the servers of Japanese companies. In contrast, the number was 323 last month, which was more than 1.4 times higher.

It is said that such a technique is often used when attacking a telework system, and it has also been confirmed that the attack is made on the server of a company that is actually used for telework.

It was pointed out that the introduction of telework by the countermeasures against the new coronavirus has progressed and cyber attacks may increase, but it is the first time that it has been confirmed that the attacks that are actually aimed at telework are increasing. is.

Kaspersky's researcher Jie Ishimaru, who conducted the analysis, said, "There are cases where we are using a system with weak security or are using the wrong settings due to the introduction of urgent telework. Check the safety measures again. I want it. "

Attack mechanism and countermeasures

The number of cyber attacks that have surged this time is called “brute force attack”. In order to identify the ID and password of the intruding server, it is a technique to try illegal access by randomly entering characters or trying all the list of commonly used character sequences. Although there are differences depending on the number of characters in the password, etc., it means that the program may automatically enter more than several hundred million combinations.

It is easy to be targeted because it is a system called "remote desktop" that operates a personal computer from home, which is often used for teleworking, and a cloud system server that shares files. This means that companies that have begun urgent teleworking may find the login screen, which is the entrance to these systems, open to the public on the Internet, which makes it easy to be targeted.

Countermeasures against such attacks are effective, such as communication through a virtual leased line, two-step authentication, and prohibiting access after a certain number of failed login attempts.