Has The Remote Work Initiative Your Company Just Deployed Told Hackers When, Where And How To Hit Your Company?
3 minute read
Over the past month we’ve seen an explosion in remote workers due to Covid-19. For many of my customers, they’ve been directed to get employees working remotely any way they could as quickly as possible. Now that we have a moment to breathe, it’s important to make sure that your cybersecurity risk isn’t soaring.
WHY IS CYBERSECURITY RISK SOARING?
Data compiled by Shodan, a search engine for Internet-connected devices, has revealed an increase in enterprise RDP and VPN use but these solutions aren’t being used securely.
- 41.5 growth in number of devices exposing RDP to the Internet on standard ports (3389)
- 36.8 growth in number of insecure service on a non-standard port (aka security by obscurity) on alternative port (3388)
- 33 growth in the number of servers running VPN protocols (IKE, PPTP) on different ports from 7.5 million to nearly 10 million
- 8 of RDP instances remain vulnerable to BlueKeep (CVE-2019-0708)
- 16.4 growth in Industrial Control Systems (ICS) protocols that don’t have any authentication or security measures
WHAT DO THESE NUMBERS MEAN?
We’ve seen a massive jump in the enterprise RDP and VPN use but if companies aren’t using these solutions securely, hackers know when, where and how to hit a company.
Security Steps to Keep in Mind:
- Never expose RDP services to the internet, do not port forward 3389
- Putting RDP on an alternate port (3388) does not provide additional security
- RDP shouldn’t be publicly accessible without other protections (firewall whitelist, 2FA, RDS Gateway, etc.)
- Point-to-Point Tunneling Protocol (PPTP) has a number of security issues, as a result it’s an obsolete method for implementing virtual private networks
- Ensure you have mitigated known VPN Vulnerabilities
- CVE-2019-1573, a vulnerability that may allow an attacker to access authentication or session tokens and replay them to spoof the VPN session and gain access as the user
- CVE-2019-11510, allows an unauthenticated remote attacker to send a URI string to perform arbitrary file reads affecting Pulse Connect Secure SSL VPN installations
- CVE-2018-13379, allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests in the FortiOS SSL VPN web portal
HOW CAN I DECREASE MY CYBERSECURITY RISK?
There are a number of proactive security steps your company can take to ensure while your employees are working remotely, hackers aren’t taking advantage.
Proactive Steps to Take:
- Setup a VPN
- If your Firewall doesn’t have VPN capabilities, deploy one that does
- Confirm your VPN configuration is secure
- (James would doing a firewall configuration check make any sense)
- Deploy a trusted 3rd party remote access tool
- SIEM- Security Information Event Management– detect vulnerabilities, alert potential security risks and respond immediately
- Run through your cyber security incident response plan to make sure you don’t have any gaps if your IT team is now all remote
- Make sure your contact information, including phone numbers, is up to date
Last modified April 30, 2021