Telework is a long-running trend in the business world, and it has reached unprecedented heights because of the Coronavirus emergency. As a result, numerous companies have been forced to plunge headlong into implementing the remote work model, and predictably enough, this process is not always smooth.
One of the issues is that employees’ security is often sacrificed so that organizations can continue to operate as they did before the crisis. Unfortunately, this fact could not possibly stay beyond the cybercriminals’ spotlight.
As a result, malicious actors have focused on finding loopholes in the popular tools used for teleworking, such as conferencing software and Virtual Private Network solutions.
Malicious actors aim to snoop on sensitive communication or plague enterprise networks with spyware or ransomware. To further boost these efforts, they are also adjusting the themes of phishing attacks to employees’ fears and pain points arising out of infodemic and terrifying news like those coming from the fronts of the Russian-Ukrainian war.
Here is a roundup of cybercrime methods zeroing in on the remote work model and practical techniques for companies to steer clear of these attacks.
VPN security needs an overhaul
While working out of the office, employees should maintain a stable and secure connection with the company’s computer networks. VPN is a vital tool that bridges the gap between workers and hacker-proof online communication.
Unfortunately, with teleworkers increasingly relying on these tools to perform their duties, cybercriminals are busy exploring them for vulnerabilities.
Numerous security reports signal the escalating threat of VPN exploitation. Therefore, it is crucial to harden the security of the remote work model and implement VPNs wisely these days. Here are the significant risks in this regard:
- Since VPN is one of the foundations of secure telework, hackers have ramped up their efforts to discover and exploit new weaknesses in these solutions.
- Businesses use VPNs 24/7, so it can be problematic for them to keep up with all the updates that deliver the latest security patches and bug fixes.
- Threat actors may increasingly execute spear phishing attacks (malwarefox dotcom spear phishing) that dupe teleworkers into giving away their authentication details.
- Organizations that do not require their personnel to use multi-factor authentication for remote connections are more susceptible to phishing raids.
- Trying to save money, some admins configure their systems to support a limited number of simultaneous VPN connections. As a result, information security teams may fail to perform their tasks when VPN services are unavailable due to network-wide congestion.
Essentially, adopting telework that relies on VPN technology leads to the fact that the average company’s security architecture often has a single point of failure. A malefactor who succeeds in hacking VPN connections can get an unnervingly broad scope of access to the target’s data assets.
Here is some extra food for thought. Some time ago, CISA alerted businesses to the massive exploitation of a nasty flaw in Pulse Secure VPN. This bug could launch remote code execution attacks targeting enterprise networks.
One of the reported incursion vectors involving this vulnerability was related to the distribution of the Sodinokibi ransomware virus, a strain that specifically homes in on corporate networks.
If the appropriate patch was not applied, this imperfection allowed malefactors to turn off MFA and access network logs that keep the cache of user credentials in plaintext.
In response to the looming menace, security experts recommend organizations focus on upping their VPN security practices to prevent the worst-case scenario.
Here are a few tips to help a company from being a moving target:
- First, keep VPN tools and network infrastructure devices up to date. This recommendation also holds true for devices (company-issued or personal) that the employees use to connect to corporate resources remotely. Correct updates and patch management ensure the most current security configuration is in place.
- Let your teams know about the expected rise in phishing attacks so that they exercise more caution with suspicious emails.
- Ensure the cyber security team is prepared to tackle remote access exploitation scenarios through breach detection, log analysis, and incident response.
- Use multi-factor authentication for all VPN connections. If, for some reason, this rule cannot be put into practice, ascertain that your staff members are using strong passwords to log in.
- Inspect the corporate VPN services for capacity restrictions. Then, choose a reliable hosting service that can help leverage bandwidth limiting and ensure secure connections continuity when needed the most.
- An additional precaution is to test the functionality of the VPN kill switch. This feature automatically terminates all web traffic if the secure connection is interrupted. This way, you can rest assured that the data doesn’t travel via the public Internet in an unencrypted form.
Conferencing software is low-hanging fruit.
Similarly to virtual private networks, tools that enable virtual meetings have recently extended their reach significantly. It comes as no surprise that cyber crooks have stepped up their repertoire in terms of discovering and exploiting weaknesses in popular conferencing products.
The consequences of such a hack can be devastating because it paves the way for eavesdropping on a large scale.
The U.S. National Institute of Standards and Technology (NIST) highlighted the risks stemming from the abuse of virtual meeting tools. According to the agency, although most of these solutions come with basic security mechanisms, these features may not be enough to fend off privacy encroachment.
Here is a roundup of recommendations in this context to stop hackers in their tracks:
- Adhere to your company’s policies and guidelines addressing the security of virtual meetings.
- Avoid reusing access codes for web meetings. If you share them with plenty of people, chances are that confidential data is leaked beyond the intended number of individuals.
- If you plan to discuss a highly confidential subject, consider using one-time PINs or unique meeting identifier codes.
- Make the most of the “waiting room” function that prevents a virtual meeting from starting until the conference host joins.
- Tweak the settings, so the app triggers notifications when new people join the web meeting. If this option is missing, the host must request that all participants name themselves.
- Leverage dashboard controls to keep abreast of the attendees during the conference.
- Refrain from recording the virtual meeting. If you really need to do it for future reference, be sure to encrypt the file and specify a passphrase to decrypt it.
- Minimize or ban the use of employee-owned devices for video conferencing.
Keep in mind that hackers are not the only ones who may wish to snoop on virtual meetings. Disgruntled employees or fired employees who still have access to the company’s digital infrastructure may also be lured to get hold of your proprietary data.
The bottom line
The global increase in remote work is a natural part of the business evolution. It is also an emergency response to new factors like COVID-19. But sadly, the “rough” implementation of telework in many organizations has become the weakest link in their security.
In addition to thwarting the above risks related to VPN tools and virtual meetings, organizations should rethink and bolster their anti-phishing practices to dodge scams that rely on trendy news topics. Your personnel should be skeptical about suspicious messages and think twice before clicking on any links in them.
Remote work security is now more critical than ever before. This needs to change if it is not your organization’s top priority.
Featured Image Credit: Photo by Thirdman; Pexels; Thank you!
