Has The Remote Work Initiative Your Company Just Deployed Told Hackers When, Where And How To Hit Your Company?


Over the past month we’ve seen an explosion in remote workers due to Covid-19. Many of my customers have been directed to get employees working remotely any way they could, as quickly as possible. Now that we have a moment to breathe, it’s important to make sure that your cybersecurity risk isn’t soaring.


WHY IS CYBERSECURITY RISK SOARING?

Data compiled by Shodan, a search engine for Internet-connected devices, has revealed an increase in enterprise RDP and VPN use, but these solutions aren’t being used securely.

Meaningful Numbers:

  • 41.5% growth in the number of devices exposing RDP to the Internet on the standard port (3389)
  • 36.8% growth in the number of insecure services running on an alternative, non-standard port (3388), also known as security by obscurity
  • 33% growth in the number of servers running VPN protocols (IKE, PPTP) on different ports, from 7.5 million to nearly 10 million
  • 8% of RDP instances remain vulnerable to BlueKeep (CVE-2019-0708)
  • 16.4% growth in Industrial Control Systems (ICS) protocols that don’t have any authentication or security measures

WHAT DO THESE NUMBERS MEAN?

We’ve seen a massive jump in enterprise RDP and VPN use, but if companies aren’t using these solutions securely, hackers know when, where and how to hit a company.

Security Steps to Keep in Mind:

  • Never expose RDP services to the internet; do not port forward 3389
  • Putting RDP on an alternate port (3388) does not provide additional security
  • RDP shouldn’t be publicly accessible without other protections (firewall whitelist, 2FA, RDS Gateway, etc.)
  • Point-to-Point Tunneling Protocol (PPTP) has a number of security issues; as a result, it’s an obsolete method for implementing virtual private networks
  • Ensure you have mitigated known VPN vulnerabilities
    • CVE-2019-1573, a vulnerability that may allow an attacker to access authentication or session tokens and replay them to spoof the VPN session and gain access as the user
    • CVE-2019-11510, allows an unauthenticated remote attacker to send a URI string to perform arbitrary file reads affecting Pulse Connect Secure SSL VPN installations
    • CVE-2018-13379, allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests in the FortiOS SSL VPN web portal
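
One way to check an edge firewall against the RDP and PPTP points above is to audit its port-forward rules. This is an added example, not part of the original article: the CSV layout, rule names and addresses are constructed, and treating TCP 1723 as the PPTP control port is standard knowledge rather than something the article states.

```python
import csv
import io
import ipaddress

# Constructed sample export of port-forward rules (hypothetical CSV layout).
SAMPLE_RULES = """name,source,ext_port,int_host,int_port,proto
rdp-default,0.0.0.0/0,3389,10.0.0.20,3389,tcp
rdp-obscured,0.0.0.0/0,3388,10.0.0.21,3389,tcp
rdp-allowlisted,203.0.113.10/32,3389,10.0.0.22,3389,tcp
pptp-vpn,0.0.0.0/0,1723,10.0.0.1,1723,tcp
ike-vpn,0.0.0.0/0,500,10.0.0.1,500,udp
"""

RDP_PORT = 3389          # standard RDP port
RDP_ALT_PORTS = {3388}   # alternate external port named in the article
PPTP_PORT = 1723         # PPTP control channel (TCP)


def is_open_to_internet(source):
    """True when the source range is 'any' (prefix length 0), not an allowlist."""
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def audit(rules_csv):
    """Return (rule name, finding) pairs for rules that break the guidance."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        ext, internal = int(rule["ext_port"]), int(rule["int_port"])
        # PPTP is obsolete regardless of who is allowed to reach it.
        if rule["proto"].lower() == "tcp" and PPTP_PORT in (ext, internal):
            findings.append((rule["name"], "pptp-obsolete"))
        # A rule is RDP if it lands on 3389 internally, whatever the external
        # port is, so a 3388 -> 3389 forward is caught as well.
        is_rdp = internal == RDP_PORT or ext == RDP_PORT or ext in RDP_ALT_PORTS
        if is_rdp and is_open_to_internet(rule["source"]):
            kind = "rdp-exposed" if ext == RDP_PORT else "rdp-alternate-port-exposed"
            findings.append((rule["name"], kind))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

The allowlisted RDP rule passes this check only because its source is restricted; it still depends on the other protections listed above (2FA, RDS Gateway).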

HOW CAN I DECREASE MY CYBERSECURITY RISK?

There are a number of proactive security steps your company can take to ensure that hackers aren’t taking advantage while your employees are working remotely.

Proactive Steps to Take:

  • Set up a VPN
  • If your Firewall doesn’t have VPN capabilities, deploy one that does
  • Confirm your VPN configuration is secure
  • Deploy a trusted 3rd party remote access tool
  • SIEM (Security Information and Event Management): detect vulnerabilities, alert on potential security risks and respond immediately
  • Run through your cyber security incident response plan to make sure you don’t have any gaps if your IT team is now all remote
    • Make sure your contact information, including phone numbers, is up to date

AIS Managed SIEM

Cloud-based Security Information and Event Management platform that provides the proactive, preventative maintenance and technology you need to secure your workstations, servers, devices and networks. Multi-Platform Protection for Critical Business-Grade Anti-Virus and Analytics, Enterprise-Grade Anti-Malware Threat Intelligence, Filtering Web Content, Firewall Services, Reviewing firewall rules, Patching the latest vulnerabilities discovered, Inbound and Outbound Email Security.


Last modified April 30, 2021