With the growing proliferation of COVID-19 also comes an increasing potential for phishing campaigns, as threat actors capitalize on the changing dynamics around remote work. Threats including ransomware that can expose passwords and data, and attack vectors launched through phishing and social engineering, can wreak more havoc than ever in this new work-from-home era.
By Phil Richards, CISO at Ivanti
Consider the phishing campaign that’s pushing Netwalker/Mailto ransomware using the attachment “CORONAVIRUS_COVID-19.vbs.” This embedded executable drops a ransom note as a TXT file and instructs victims to pay on a Tor site. Both a public health district and an Australian logistics company have fallen victim.
Another Coronavirus malware kit uses a seemingly legitimate map from Johns Hopkins University in a Java-based malware scheme. The kit is sold for up to $700 with the seller’s certificate, and while users think the preloader is the map, the malware is stealing passwords. In other instances, a TrickBot Trojan slips past detection by using text from Coronavirus articles, and an actual ransomware called “CoronaVirus” extorts victims by email, threatening to infect their families with Coronavirus. The climate is indeed scary.
With many workers now confined to operating from home, protecting against these malicious acts can be trickier than ever. To become an expert in the art of RemoteSec, here are five tips you may not have considered for keeping your remote workers secure.
- Track and manage all your remote assets and networks. As employees connect from home, on both home networks and home devices, an expansive wave of new assets is reaching your corporate networks and data. Be sure you have the ability to properly perform remote asset discovery, so you know just what is entering your network. Then gain further insight into asset and network performance, not only to efficiently enable workforce productivity but also to pinpoint performance anomalies that might indicate malicious behavior, such as large bandwidth consumption at an off hour, which might reveal that large amounts of data are being downloaded without consent.
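The off-hours bandwidth anomaly described in this tip is straightforward to turn into a detection rule once asset discovery gives you per-device transfer data. The script below is an added example and is not code from the article or from Ivanti: it builds a per-device business-hours baseline from hourly transfer records and flags off-hours transfers that are both large in absolute terms and far above that baseline. The record layout, the business-hours window, the 1 GB floor and the 10x ratio are all assumptions, and the sample records are constructed.

```python
"""Flag off-hours bandwidth spikes in per-device hourly transfer records.

Added example (not from the original article). The record format
(ISO timestamp, device name, bytes transferred in that hour) and the
thresholds are assumptions; the sample records are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records. laptop-42 moves ~50 MB/hour during the day,
# then 9 GB at 03:00; laptop-07 is active off hours but only moves 35 MB;
# desktop-99 has no daytime history at all and moves 2 GB at 01:00.
SAMPLE_RECORDS = [
    ("2020-03-24T09:00:00", "laptop-42", 48_000_000),
    ("2020-03-24T10:00:00", "laptop-42", 52_000_000),
    ("2020-03-24T11:00:00", "laptop-42", 50_000_000),
    ("2020-03-25T03:00:00", "laptop-42", 9_000_000_000),
    ("2020-03-24T09:00:00", "laptop-07", 30_000_000),
    ("2020-03-24T14:00:00", "laptop-07", 40_000_000),
    ("2020-03-25T02:00:00", "laptop-07", 35_000_000),
    ("2020-03-25T01:00:00", "desktop-99", 2_000_000_000),
]

BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 on weekdays (assumed window)
MIN_BYTES = 1_000_000_000      # ignore anything under 1 GB (assumed floor)
RATIO = 10.0                   # flag at >= 10x the device's daytime median (assumed)


def parse_record(record):
    """Turn one (timestamp, device, bytes) tuple into typed values."""
    ts, device, nbytes = record
    return datetime.fromisoformat(ts), device, int(nbytes)


def is_business_hours(ts):
    """Weekday and inside the assumed business-hours window."""
    return ts.weekday() < 5 and ts.hour in BUSINESS_HOURS


def find_off_hours_spikes(records, min_bytes=MIN_BYTES, ratio=RATIO):
    """Return one alert dict per off-hours transfer that exceeds both the
    absolute floor and `ratio` times the device's business-hours median.

    A device with no daytime history gets a baseline of 0, so the absolute
    floor alone decides; that keeps brand-new devices from slipping through.
    """
    baseline_samples = defaultdict(list)
    off_hours = []
    for rec in records:
        ts, device, nbytes = parse_record(rec)
        if is_business_hours(ts):
            baseline_samples[device].append(nbytes)
        else:
            off_hours.append((device, ts, nbytes))

    alerts = []
    for device, ts, nbytes in off_hours:
        samples = baseline_samples.get(device)
        baseline = median(samples) if samples else 0
        if nbytes >= min_bytes and nbytes >= ratio * baseline:
            alerts.append({
                "device": device,
                "time": ts.isoformat(),
                "bytes": nbytes,
                "baseline": baseline,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_off_hours_spikes(SAMPLE_RECORDS):
        print(f"{alert['time']} {alert['device']}: "
              f"{alert['bytes']:,} bytes (daytime median {alert['baseline']:,})")
```

Run against the constructed records, the detector raises two alerts, laptop-42 and desktop-99, and stays quiet on laptop-07, whose off-hours activity is ordinary in size. In practice the baseline would be built from a rolling window of discovery or flow data rather than a single day, and the floor and ratio tuned to what your workforce actually moves.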
- Train and enforce good security hygiene. Just as you might squirt hand sanitizer every time you come home, or spray objects entering your home with Lysol, you need to train work-from-home employees to practice good computing hygiene. Advise users on how to be smart about the sites they visit and the links they click, through additional employee training and security advisories. Remember, the end user’s home is now becoming the easiest way into your network, so ensure that devices used at home are up to date, patched and protected. If you fear there may still be gaps, lock down critical applications with limited admin privileges and dynamic whitelisting so that you can prevent unauthorized code from executing in your environment.
- Be mindful of your VPN configuration settings. Your VPN is your first line of defense, so be sure that it’s properly configured to allow only authorized devices to connect. Here configuration management is your friend. Pay extra attention to your Group Policy Objects (GPOs) and ensure that you are in control of all the systems that attach to your network. Don’t just open up your VPN to EVERYONE either. Segment users and be sure that external parties, including customers and contractors, have the right security structure in place before gaining access to your network.
- Patch to infinity and beyond. Never before has patching been more critical, especially now that you need to patch many non-corporate-owned devices as well as those you already control. Users will be accessing your network with any device they prefer, and many home computers are out of date, running Windows 7 or worse. Ensure that you have a best-in-class remote patch management solution that can discover out-of-compliance devices and patch systems no matter where they are. One missed device could be the proverbial leak in the dam.
- Antivirus/anti-malware is a must on all remote systems. Ensure that active AV is protecting all your remote devices. This can be done with ease: global rollouts of AV can be automated and performed when you have an advanced endpoint management solution, so users may not even notice that protection is installed or running.
As we all take a deep breath and adjust to this new work-from-home norm, protect your corporate data from the risk of threat actors by doubling down on the protection of remote devices accessing your environment. It will be just one way you can breathe a sigh of relief in an uncertain time.
About the Author
Phil Richards is the Chief Information Security Officer (CISO) for Ivanti. He has held other senior security positions including the Director of Operational Security for Varian Medical Systems, Chief Security Officer for Fundtech Corporation and Business Security Director for Fidelity Investments. In his security leadership roles, he has created and implemented Information Security Policies based on industry standards. He has also implemented global privacy policies, including addressing privacy issues in the European Union.
Disclaimer
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.