Page 128 - Cyber Defense eMagazine for July 2020
CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks
New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data Restoration
By Saryu Nayyar, CEO, Gurucul
Remote access tools, such as VPNs, RDP, VNC, Citrix, and others, have always been an inviting target
for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH)
as a plot device in a rare cinematic example of a real-world cyber-security threat. The recent shift to a
remote workforce in response to a global pandemic has made remote access an even more inviting target
for threat actors of all stripes.
As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on
remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing
issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor
authentication. The users themselves are also a primary target. Targeted email attacks such as spear phishing,
which goes after a specific target, or cast-netting, which targets people within a single organization, have a
history of success and have seen a noticeable rise.
Fortunately, information security professionals still have a range of tools and techniques they can use to
help prevent breaches and to mitigate them when they do happen.
Many attack scenarios, especially ones involving remote access attacks, start with targeting the users
themselves. Many penetration testers will tell you the users are the easiest target and the first thing
they’ll go after. But this also gives an organization the opportunity to convert their user base from part of
the attack surface into their first line of defense. Making sure you have trained them on best practices
and have enabled a strong multi-factor authentication scheme can go a long way to preventing
unauthorized access.