Cybersecurity is a constant game of cat and mouse, with attackers and defenders locked in a perpetual race for finding, exploiting and patching vulnerabilities. With most of the world still working remotely, and by all indications looking to stay that way for the foreseeable future, it’s no surprise that attackers have locked onto compromising remote access tools. Based on what we’ve learned from our threat intel analysts, incident response teams and customers, we’ve compiled several findings, as well as best practice recommendations for securing remote user access.

Credentials are the holy grail for attackers – achieve legitimate user access, and you’re free to move about a corporate network undetected. Then, any activity the attacker performs is cloaked under the guise of legitimate user behavior. This is made worse by traffic encryption, which shields the attacker from inspection by most network security tools.

If the headlines are any indication, it’s clear that attacks leveraging VPNs and remote access tools are on the rise. This year’s Oldsmar, Florida water plant hack was the result of a lack of cybersecurity precautions and best practices being in place. SolarWinds, in part, leveraged stolen passwords and two-factor authentication (2FA) bypass. Then there are compromises of the VPNs themselves, including recent disclosures about zero-days in Fortinet and Pulse Secure. According to the Department of Homeland Security, the DarkSide ransomware group, responsible for the Colonial Pipeline attack, has been leveraging vulnerable remote access infrastructure to compromise organizations. Among the recommendations DHS makes are limiting user access to remote desktop software and implementing strong authentication.

Many Ways to Access Sensitive Data, Many Ways to Exfiltrate It

The challenge for today’s defenders is that they have data everywhere and much of it is in third-party software-as-a-service (SaaS) applications outside of corporate-owned data centers. Employees connect directly to SaaS applications, bypassing any sort of security inspection done at corporate headquarters. Even for those organizations that connect back to headquarters, most traffic is encrypted and uninspected. Microsoft Remote Desktop Protocol (RDP), Secure Shell (SSH) and Virtual Network Computing (VNC) remain popular, along with a host of open source VPNs. Most organizations rely heavily on personally owned devices, leveraging a combination of these remote access methods together.

Visibility is One of the Biggest Challenges

With devices and applications which you don’t own managing the data that you do own, it’s easy to see how security becomes problematic.