Page 128 - Cyber Defense eMagazine for July 2020

CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks

New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data Restoration

By Saryu Nayyar, CEO, Gurucul



Remote access tools, such as VPNs, RDP, VNC, Citrix, and others, have always been an inviting target for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH) as a plot device in a rare cinematic example of a real-world cyber-security threat. The recent shift to a remote workforce in response to a global pandemic has made remote access an even more inviting target for threat actors of all stripes.

As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor authentication. The users themselves are also a primary target. Targeted email attacks, such as spear phishing, which goes after a specific target, and cast-netting, which targets people within a single organization, have a history of success and have seen a noticeable rise.

Fortunately, information security professionals still have a range of tools and techniques they can use to help prevent breaches and to mitigate them when they do happen.

Many attack scenarios, especially ones involving remote access attacks, start with targeting the users themselves. Many penetration testers will tell you the users are the easiest target and the first thing they’ll go after. But this also gives an organization the opportunity to convert its user base from part of the attack surface into its first line of defense. Making sure you have trained them on best practices and have enabled a strong multi-factor authentication scheme can go a long way toward preventing unauthorized access.




            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.