Beware the security threats from rolling out remote working

Remote working woman at home
(Image credit: Shutterstock.com / ImYanis)

We are now in the grip of the virus and society has been forced to rethink its way of life. Working from home has rolled out at pace. Communication platforms and collaborative tools are being embraced worldwide, helped by introductory offers.

Early on network capacity was considered at risk due to the volume of people working and using services like online gaming all at once. The Austrian regulatory authority, RTR, was one of the first to impose throttling of certain services like video streaming and companies like Netflix have also taken action to reduce congestion by reducing video quality so that capacity isn’t squandered.

Managing the load on the network is causing CTOs to scratch their heads too. As they rapidly roll out enterprise VPNs and remote desktop solutions to give employees access to sensitive resources and internal applications, they must find ways to balance the volume on the network. Plus, they need to keep it secure.

So, what should CTOs be doing first?

Protecting against service disruption from DDoS

Taking measures to prevent disruption to critical servers is paramount. Distributed Denial of Service attacks are high up on the list of threats. We know that such attacks create large volumes of ‘garbage’ traffic to saturate the pipe, but they can also be used for more insidious reasons such as attacking the intricacies of the VPN protocol. A flow as little as 1Mbps can knock a VPN service offline.

Load balancing

Balancing the volume on the network is also more complex now as more people remotely access the desktop, files, emails and services like Office365 and cloud apps like Salesforce and Workday. This can be managed with load balancing, software defined wide area networks, and web performance optimisation – like FastView.

Putting on-demand applications into the cloud so they can be accessed remotely is also a smart move. Load balancing can then scale up applications regardless of where they are located.

But this strategy is greatly undermined if the network and the applications are not secure. It’s therefore imperative there is authentication to validate a user before anything is accessed. People on the network have to be trusted. No one wants a data breach and GDPR fine on top of everything else.

VPN security

At the start of 2020, VPN security was in the spotlight as multiple vulnerabilities in enterprise VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix were exploited by malicious actors and nation states alike. Companies responded by patching or withdrawing the remote access and the problem of attacks died back.

However, introducing home working at pace and on a much larger scale, is likely to bring entice unscrupulous actors into action. Every company needs to undertake special care to ensure the patches are applied before switching any new or extended service on. But more than this, they must commit to maintaining updates and patches during this period of flux. That’s because remote desktop protocol (RDP) has been for the most part of 2019, and continues to be by a fair margin, the most important attack vector for ransomware.

CIOs need to acknowledge that in introducing / extending RDP they are broadening the attack surface. And that the temporary solutions they are putting in place (that could become permanent) have to be secure at all times.

It’s therefore really important to adapt risk models. It’s possible that some companies won’t be able to think about this right now such is the urgency to keep the business operating. But they must return to it. It would be foolish to roll out new services with emphasis on access and usability and neglect security.

Passwords

From the numerous breaches we have seen in the past, it’s evident that strong passwords or some form of multi-factor authentication (MFA) is an absolute requirement when providing remote desktop access to home workers. Best practice would be to get all employees to reset their passwords as they connect remotely and prompt them to choose a new password that complies within a strong password complexity guideline.

As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily leverage these breach batches and go to town.

Social engineering

Fear of the virus and a continuous need for up-to-date information provides a great breeding ground for abuse too. CIOs need to remind their teams of the risks posed by weblinks and the infodemic / fake news that’s all around.

A good example of this is the abundant phishing campaigns that are luring people in with the promise of important or breaking information on Covid-19. They are designed to entice them to click malicious links or open infected attachments. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020.

It’s a sad reflection of the cybersecurity world - some people have no ethics and will exploit the horrendous humanitarian disaster we face. In January, malicious actors started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information. These scams are continuing and we’ll see more invented in the coming months.

Bad Robots

While the world has yet to see reports of fake news generated by machines there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the need for information about the virus so it’s only a matter to time before more sophisticated methods are used.

That’s why CIOs need to educate employees on the most popular and obvious bot techniques for infiltrating a network - click bait and comment spamming. Bots inject popular and frequently searched keywords into comments on spam sites to increase the visibility and ranking of the site in search results. ‘Coronavirus’ is a trending search term in Google and using it on a page will ensure the sites come up favourably in search algorithms. People have to understand the mentality of hackers, and the tactics they use, so they can avoid falling in the trap.

All these things combined show the battles CIOs face. They are challenging but not insurmountable. It will require a ‘more speed, less haste’ approach when it comes to rolling out, scaling up and integrating technologies. That’s easier said than done when there are pressures to stay trading, but it is imperative to ensure the actions taken now don’t encourage security disasters in the future.

Pascal Geenens, security researcher, Radware

Pascal Geenens

Pascal Geenens is a security researcher and evangelist at Radware.

As Global Threat Intelligence Director for Radware, Pascal helps execute leadership on today’s security threat landscape. Pascal brings over two decades of experience in many aspects of Information Technology and holds a degree in Engineering from the Free University of Brussels, specialised in electronics and parallel computing. As lead of the Radware Security Research team Pascal actively researches IoT malware. Pascal discovered the BrickerBot, JenX and Demonbot botnets, did extensive research on Hajime, the Hadoop YARN attack surface, and follows closely new developments and threats in the IoT space as well as applications of AI in cyber security and hacking.