Tips On How To Secure Remote Workers: It’s Time To Be Prepared For The New Challenges
Although remote work has been a growing trend in the business ecosystem for many years, it is gaining more and more traction among companies due to the COVID-19 outbreak. Plenty of organizations around the globe are growingly using the model when employees stay and work from home, thus preventing the spread of the disease. This approach makes perfect sense in light of the growing healthcare crisis. Still, it also offers additional opportunities for malicious actors to spy on sensitive data and infect commercial networks with malware, including such dangerous things as ransomware. In particular, cybercrooks are increasingly targeting conferencing software and VPN services. They are also rethinking phishing emails and malicious websites to align them with people's fears arising from coronavirus statistics and overall uncertainty ahead.
Below is information on cybercrime vectors aimed at remote workers and tips to stop these raids from affecting you.
VPN Security Stands Out
For secure connection to enterprise IT networks and full access to the necessary corporate data, distant workers often use VPNs ( Virtual Private Networks) to protect sensitive traffic from interception and other types of unauthorized manipulations. Responding to the continuing boom in using corporate VPNs for teleworking, criminals are coming up with clever ways to compromise these networks.
On March 13, CISA (U.S. Cybersecurity and Infrastructure Security Agency) published a security alert [1] concerning enterprise VPNs. The federal agency urged businesses to assess and strengthen the protection of remote workplaces of their employees. The alert singles out several possible risks:
- Because VPN is an important technology that allows secure connection and data transfers for remote workers, hackers are trying to find and exploit all possible vulnerabilities in VPN tools and protocols.
- Organizations use virtual private networks 24/7, so they cannot always quickly install updates that provide the latest patches.
- Threat actors are probably to send more targeted phishing emails trying to get remote workers to reveal their user credentials.
- Businesses that do not use MFA (multi-factor authentication) to establish remote access sessions are more vulnerable to breaches.
- Organizations generally preconfigure and support a limited number of VPN connections, which means that members of the IT security teams may not be able to do their jobs during high-peak periods.
The concept of working with virtual private networks essentially means that organizations face a single point of failure. By breaching VPN connections, cyber thieves can penetrate the business environment and steal all sensitive information.
As the problem worsens, CISA also lists measures to improve corporate VPN security. According to official guidelines, organizations must comply with the following practices:
- Regularly update VPN and network equipment. The same should apply to all devices used by employees for remote connection to the work environment.
- Inform all staff members about the growth of spear-phishing attacks.
- Ensure that the IT security department is prepared to perform tasks connected to remote access protection, such as log analysis, attack detection, and disaster response and recovery.
- Make MFA (multi-factor authentication) mandatory for all VPN users. If this is not possible for some reason, instruct remote workers to use very strong passwords.
- Order the IT security department to test the VPN service to understand its limits and potential. Configure flexible bandwidth distribution so that workers who perform the most important tasks can stay uninterruptedly connected all the time.
For its part, CISA previously warned [2] organizations about a new vulnerability of the popular Pulse Secure VPN. Documented under the number CVE-2019-11510, this flaw can constitute the basis for RCE (remote code execution).
In an unfavorable scenario, crooks deliver the enterprise-oriented ransomware, like the famous Sodinokibi strain, onto the corporate network. If not patched, the above-mentioned vulnerability can also lead to disabling MFA and monitoring logs containing cached user names and passwords.
Aside from the above recommendations, it is good to make sure that your VPN Kill Switch is working properly. This option ensures that corporate traffic will not be intercepted while on the public internet if a secure connection goes down. The Kill Switch will stop all outgoing connections in case the VPN suddenly fails.
Criminals Focus On Virtual Meetings
Conference software is another technology that has made a huge breakthrough in the business ecosystem because of the COVID-19 epidemic. As with VPN, hackers have stepped up their attempts to find flaws in software used for virtual meetings. This has already become a source of eavesdropping.
Given the high risks, NIST (National Institute of Standards and Technology) also warned [3] organizations of the new threats. NIST indicates that while the top virtual meeting services are well designed and equipped with all necessary security features, some additional precautions may enhance corporate protection against privacy and security incidents. NIST’s recommendations:
- Follow the company policy as to the security of online meetings.
- If you intend to discuss a sensitive topic, use meeting IDs or one-time PINs.
- Avoid reusing access pins and codes for conference calls.
- Do not share these codes with non-intended employees to avoid exposure of sensitive data.
- Use the “virtual waiting room” option to prevent the meeting from starting abruptly until the host is ready.
- Set up alerts that notify about new participants joining the meeting. All participants should be identifiable.
- Keep track of everyone attending the online meeting.
- It is not advised to record a conference. In case it is needed, the recording should be encrypted and protected with a passphrase.
- Prohibit the use of personal devices for virtual meetings.
NIST also emphasizes that the list of people who would like to eavesdrop on web conferences is not limited to cybercriminals or state-sponsored groups. Fired or dissatisfied workers who have access to IT infrastructure may try to steal secrets too.
Additional Security Considerations
The quick growth of teleworking creates a good opportunity for attackers to launch their offensive play on a larger audience. In addition to compromising the VPN software and software for online conferences, hackers are also increasingly using phishing attacks that parasitize on the coronavirus topic.
For example, the latest phishing campaign is pretending to be sent by the World Health Organization and is trying to get people to share their personal information. Other fake emails impersonate [4] the US Center for Disease Control and Prevention. Criminals are forcing users to click malicious links masqueraded as COVID-19 reports.
In general, both organizations and home users have become the epicenter of new waves of targeted cyber attacks. It's time to fix possible vulnerabilities and get ready for new threats.
References:
[2] Continued Exploitation of Pulse Secure VPN Vulnerability
[3] Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
[4] [Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild