COVID-19 offers a unique opportunity to pilot zero trust, rapidly and at scale


The COVID-19 pandemic has forced a work-from-home situation that many organizations and businesses were likely not prepared for. Faced with undersized VPN infrastructure, insufficient bandwidth and not enough managed devices for employees to take home, IT departments are scrambling to limit the impact on productivity and enable access to the corporate resources and applications their colleagues need to perform their job duties.

Unfortunately, mounting pressure from management to set up remote working capabilities as quickly as possible could result in IT teams cutting corners and ignoring existing security policies and practices. This could have major implications for business continuity in the long run.

Imagine the disruption an attacker could cause by gaining access to the company’s private network through an exposed service or a remote employee’s personal device, then moving laterally and infecting internal servers with ransomware at a time when the IT and security teams are also working remotely and can’t take a hands-on approach to remediate the problem.

It would be extremely difficult to recover from such a situation, Chase Cunningham, principal analyst serving security and risk professionals at Forrester, tells CSO. “This is the type of scenario where one person’s access could literally wreck an entire infrastructure in no time.”

Attacking remote workers

In the past there have been many cases of companies exposing Remote Desktop Protocol (RDP) services directly to the internet and those services being hacked and used as entry points for cybercriminals. Unfortunately, during the COVID-19 crisis, incidents involving insecure configurations of services and firewalls are likely to increase as people take shortcuts to enable remote access.

Last week, researchers from Bitdefender warned that TrickBot, a credential-stealing Trojan, added a new module to its arsenal that uses infected computers to launch RDP brute-force attacks. Companies from the telecom, education and financial services sectors in the United States and Hong Kong were on the target list seen by the researchers. TrickBot also has modules for stealing OpenSSH and OpenVPN credentials, which are typically used for remote access, and is a known delivery platform for the sophisticated Ryuk ransomware.

Copyright © 2020 IDG Communications, Inc.