The remote workforce has a long track record of being one of the pillars of the global business ecosystem. In 2020, this approach has been soaring due to the COVID-19 crisis that caused numerous organizations to rethink their operational models and fit the context of disease prevention. Because the preparedness of many companies for such a groundbreaking shift is low, they are hitting quite a few roadblocks along the way.
When confronted with a trade-off between employees’ online security and a desire to stay afloat in these hard times, some businesses prioritize the latter. As a result, cybercrooks are getting more opportunities to exploit loopholes in the implementation of mainstream tools used for maintaining telework. Video conferencing software and virtual private network (VPN) services are being hit the hardest.
Amid the healthcare emergency, malicious actors are piggybacking on companies’ slip-ups to eavesdrop on their communications or contaminate their networks with harmful code such as info-stealers and even ransomware. In addition to compromising the above-mentioned tools, adversaries are increasingly aligning the subjects of their phishing campaigns with the panic around the coronavirus to game personnel’s pain points.
Stepping Up VPN Security Is a Must
Employees working off-premises need a reliable and, just as importantly, tamper-proof connection with their organization’s IT infrastructure. Ideally, VPN is supposed to prevent online communications from being intercepted by third parties. This explains why these services are currently booming in the enterprise environment.
Unsurprisingly, cybercriminals think of the heightened dependency on VPN tools as a call to action. They are ramping up efforts to probe these applications for weaknesses that could fuel large-scale attacks.
In light of the escalating menace, the US Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations to a spike in VPN abuse. The advisory published in mid-March 2020 recommends businesses to strengthen their security practices relating to telework and highlights the following top risks in this area.
- Since VPN is one of the strongholds of remote workforce implementation, threat actors are growingly focusing on spotting and exploiting new loopholes in these tools.
- Companies leverage VPN round the clock. This uninterrupted use makes it difficult for IT teams to stay abreast of all the updates that patch known security issues.
- Hackers are expected to pull off more phishing scams that try to manipulate remote workers into disclosing their authentication credentials.
- Companies that do not enforce the use of multi-factor authentication by employees are more vulnerable to phishing hoaxes.
- Enterprise networks can maintain a finite number of concurrent VPN connections. If service downtime occurs due to peaks in VPN use across the organization, IT teams may be unable to respond to security incidents.
In the worst-case scenario, compromising VPN connections can allow an adversary to gain a foothold in the company’s entire network and access sensitive data. To mitigate the risk, CISA lists several hands-on recommendations.
- Regularly update your VPN applications and network infrastructure equipment. The same goes for devices (either personal or company-issued ones) your teams use to connect to the enterprise network. Timely updates are a critical prerequisite for applying the latest security patches and configurations.
- Make sure your colleagues are aware of the expected growth in phishing scams targeting your organization. Every dubious email should raise a red flag and be reported to InfoSec staff.
- Ascertain that your cybersecurity team is all set to dodge remote access abuse situations by means of early detection, log review, as well as incident response and recovery.
- Enable multi-factor authentication for all VPN connections. If this cannot be implemented, make sure that remote workers use strong passwords to sign in.
- Test VPN connections for bandwidth thresholds and configure the network to prioritize specific employees during peak usage periods.
Before entrusting your company’s digital health to a VPN provider, do your homework and check its reputation. Also, pay attention to vulnerability reports and past incidents involving the service.
Last January, CISA had warned organizations about the risks stemming from the use of the Pulse Secure VPN solution. According to the federal agency, this application had a remote code execution vulnerability documented as CVE-2019-11510.
If exploited, this flaw allows an unauthenticated adversary to hack a VPN server, steal users’ plaintext credentials, and run arbitrary commands on client computers. Some cybercriminal gangs have reportedly weaponized this vulnerability to infect enterprise networks with the Sodinokibi (REvil) ransomware.
One more safety measure is to ascertain that the VPN kill switch feature is enabled and works properly. It automatically blocks all Internet traffic if the encrypted connection becomes unavailable for whatever reason.
Attacks Against Conferencing Apps Are on the Rise
In a paradigm where employees work out of office, web conferencing software has become an indispensable component of the enterprise equation. Predictably enough, bad actors are increasingly parasitizing security weaknesses in these tools to spy on organizations or spread malware. It turns out that some of these applications are ridiculously easy to exploit.
Many of you have probably heard about Zoom security issues that started hitting the headlines in the spring of 2020 when its user audiences grew dramatically. In late January 2020, a vulnerability in Cisco’s Webex platform was discovered that allowed unauthenticated users to join video meetings. Bugs like that are surfacing once in a while, demonstrating that these utilities are not ultimately reliable, to put it mildly.
In response to the peril, the US National Institute of Standards and Technology (NIST) outlines the risks related to the exploitation of web conferencing software. The agency also lists countermeasures for that kind of abuse. Here is a recap of these tips:
- Follow your company’s policies pertaining to virtual meeting security.
- Abstain from reusing access codes for online meetings. If you stick with the same code, chances are that you will share it with too many people over time.
- If you are going to discuss a sensitive topic, add an extra layer of security through unique identifier codes or one-time PINs. Two-factor authentication (2FA) is a decent option, too.
- Use the “waiting room” feature to put the meeting on hold until the host joins.
- Configure the software to generate a notification when a new attendee joins the conference. If the tool lacks this functionality, all participants should identify themselves.
- If the web conferencing solution provides a dashboard to keep track of participants, be sure to use it.
- Avoid recording the meeting. If you need these materials for future use, then store them in encrypted form.
- Require your employees to use company-issued devices for video conferencing.
According to NIST, seasoned hackers are not the only individuals who may want to eavesdrop on your virtual meetings. Former coworkers who bear a grudge against your organization and still have access to some enterprise IT resources can be tempted to steal your secrets as well.
The pandemic has precipitated a bizarre situation in which employees’ physical well-being and enterprise cybersecurity are overlapping. By implementing remote work tools on a large scale to halt the spread of the disease, organizations have found themselves faced with new challenges.
A catalyst for the problem is that criminals are busy masterminding ways to compromise VPN and web conferencing applications. Unfortunately, some of these solutions have critical vulnerabilities that do not get along with proper security. The rise in COVID-19 themed phishing attacks is one more serious pitfall, and therefore security awareness training programs for personnel are now more important than ever before.