Transitioning To A Mass Remote Workforce – We Must Verify Before Trusting - GADGET-INNOVATIONS




While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we now have a mass workforce working remotely. Most enterprises and SMBs can support remote work today, but many IT departments are not equipped to scale to the numbers currently required. In this blog we discuss the threats to enterprises and SMBs arising from this increased remote workforce and how to mitigate the risk.


Cybercriminals seek opportunities to achieve their goals and will follow the path of least resistance. The initial access vectors enumerated in MITRE ATT&CK that are typically used by cybercriminals are phishing or exploitation of vulnerabilities to gain access to an organization, after which they act on their malicious objectives. Now that employees have migrated to their homes to work remotely, cybercriminals will target the insecurities of consumer systems and networks to gain access to corporations.


Targeted ransomware attacks are fueling the increased demand in the underground for compromised corporate networks. If employees access corporate networks from pre-infected unmanaged machines without adequate security measures, it creates a much larger attack surface for cybercriminals. This increases the risk of an organization falling victim to a potential breach and ransomware lockdown.


COVID-19 social distancing restrictions came into effect very rapidly, giving organizations little time to prepare for securely managing their workforce remotely. It is important that organizations continue to do business during this tough time, but they must also do it securely to prevent an attack such as ransomware. To protect organizations in this current climate we must approach this from two perspectives:

1. Know your environment and users

2. Know your business and real threats

To understand the threats of telecommuting at scale, we must understand the technologies typically used by remote workers to execute their work and access the organization.


Know Your Environment and Users

Per figure 1 below, it is important to understand the architecture and technologies being used by your employees within your business environment. This gives you visibility into your potential exposure based on vulnerabilities being actively exploited by threat actors so that you can protect your remote workers and business infrastructure/assets.



Figure 1: Trust boundaries, common technologies and use cases in telecommuter deployments


Know Your Business and Real Threats

Adversary Opportunities

Adversaries need an initial access vector to gain a foothold within an organization. They will typically seek out corporate usernames and passwords using techniques enumerated in MITRE ATT&CK, such as phishing or remote exploitation of software vulnerabilities. Telecommuter technology increases the attack surface significantly and is being actively exploited and researched, as the examples below show:

- In 2019, vulnerabilities in Palo Alto Networks, Fortinet, Pulse Secure, and Citrix VPN servers were targeted

- Proof-of-concept exploits have been developed for Citrix NetScaler/Application Delivery Controller (ADC), Cisco VPN routers and Zoho ManageEngine Desktop Central

- Fox-IT discovered a bypass of VPN two-factor authentication

- Proof-of-concept exploits have been developed for vulnerabilities in telecommuter applications such as Zoom, Confluence and Slack

- Vulnerabilities have recently been disclosed in free Android and iOS VPN apps

- RDP vulnerabilities have been disclosed over the last year, such as DejaBlue and BlueGate, and a proof-of-concept exploit exists in the case of BlueKeep (wormable)


Controls

Minimum technical controls for remote worker machines:

- Secure configuration and strong passwords to prevent home router compromise

- Keep all software layers patched, including VPN clients and telecommuter applications

- Do not reuse passwords across personal and work systems

- Robust endpoint security software


Minimum technical controls for enterprises/SMBs:

- Security hygiene best practices

- MFA/2FA and logging for VPN accounts

- VPN patching

- Secure RDP access

- Segmentation of critical business assets

- Data backups

- User and device identity for employees and third parties/suppliers


Policies:

- Data loss prevention

- Strong passwords

- SaaS security

- Managed vs unmanaged device access
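Two of the controls listed above, MFA on every VPN account and distinguishing managed from unmanaged device access, are only useful if someone actually reviews the VPN logs against them. The following is an added example, not code from the original post or from McAfee: it parses a constructed key=value VPN authentication log (real concentrators log in their own formats) and flags each account that established a session without a second factor or from an unmanaged device.

```python
"""Review VPN authentication logs against two controls: MFA on every
account and managed-versus-unmanaged device access.
The log format and the sample lines below are constructed for this example."""
import re
from collections import defaultdict

# Constructed key=value format; adapt the pattern to your VPN product's logs.
LOG_RE = re.compile(
    r'user=(?P<user>\S+) result=(?P<result>\S+) mfa=(?P<mfa>\S+) '
    r'device=(?P<device>\S+) src=(?P<src>\S+)'
)

# Constructed sample: documentation-range source addresses, fictitious users.
SAMPLE_LOG = """\
user=alice result=success mfa=totp device=managed src=203.0.113.10
user=bob result=success mfa=none device=unmanaged src=198.51.100.7
user=carol result=failure mfa=none device=unmanaged src=198.51.100.9
user=dave result=success mfa=push device=unmanaged src=192.0.2.44
user=alice result=success mfa=totp device=managed src=203.0.113.11
""".splitlines()


def parse_line(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def review_vpn_log(lines):
    """Return {user: sorted list of findings} for successful sessions only.

    'no_mfa'    - a session was established without a second factor.
    'unmanaged' - a session came from a device outside management, which the
                  managed-vs-unmanaged policy should restrict (for example to a
                  segmented subset of assets).
    """
    findings = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue  # failed attempts matter elsewhere, not for these two checks
        if ev["mfa"] == "none":
            findings[ev["user"]].add("no_mfa")
        if ev["device"] != "managed":
            findings[ev["user"]].add("unmanaged")
    return {user: sorted(flags) for user, flags in findings.items()}


if __name__ == "__main__":
    for user, flags in review_vpn_log(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(flags)}")
```

On the sample above the review flags bob for both findings and dave for an unmanaged device only; carol's failed attempt and alice's managed, MFA-backed sessions produce nothing.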


Training:

- Phishing and social engineering training based on the current climate context: “verify before trusting”

- Keep employees informed of phishing campaigns relevant to your environment and business

Conclusion


Strong technical controls are a must to protect telecommuters in the current climate. There is also no substitute for employee phishing and social engineering training, as a successful phish can negate technical controls. Even MFA/2FA can be bypassed in some cases using advanced phishing techniques, so we must all stay vigilant, starting with ourselves, to protect our organizations by adopting a “verify before trusting” approach.


By Eoin Carroll, Principal Engineer, Sr. Security Researcher, Advanced Threat Research, McAfee