By February 22, 2021

How To Keep Your Remote Team Safe From Cyber Attacks

With the world struggling to get back on track amid the COVID-19 emergency, telework has become the silver bullet that keeps businesses up and running. Numerous software engineering teams rushed headlong into adopting the remote workplace model as well, only to hit a bunch of roadblocks along the way. These hurdles run the gamut from productivity nosedives to—you guessed it—security issues.

Because cybercriminals treat the crisis as an opportunity to step up their repertoire and increase the victim audiences, they have repurposed their attacks to fit the pandemic context. As a result, mainstream tools used for teleworking, such as video conferencing software, services based on remote desktop protocol (RDP), and virtual private network (VPN) solutions, ended up in the crosshairs of crooks.

To boost their foul play, these unscrupulous folks are aligning the themes of phishing attacks with employees’ pain points and fears arising out of the infodemic. Snooping on users’ sensitive communications, stealing valuable data, and infecting computers with predatory programs are malicious actors’ key objectives.

A recent global study revealed disconcerting details about the current state of the threat landscape: A whopping 90% of surveyed companies have reported a spike in attempted cyber attacks due to the pandemic. Moreover, 93% said they had to hold off important security projects because the transition to remote work was given higher priority.

If you connect the dots, the trend looks like a recipe for disaster. To keep you, your remote team, and your company safe, here is the lowdown on the most common pitfalls to watch out for and the ways to avoid them.

Which Services Cyber Criminals Attack and How To Protect Them

Here is a summary of cybercrime vectors zeroing in on remote workforce, together with effective techniques for businesses, including developer crews, to emerge unscathed.

The Scourge of RDP Hacks

These days, remote desktop protocol is the name of the game in collaborative ecosystems such as programming teams. The likes of TeamViewer and Virtual Network Computing (VNC) remote access applications allow you to connect to a machine that stores project resources so that you can coordinate your efforts with those of your colleagues.

Unfortunately, RDP-based services are on the receiving end of hacker attacks. Not only do bad actors try to steal confidential data this way, but they may also seek to poison the connected devices with malware.

One of the notorious gaps fueling such attacks is the BlueKeep vulnerability (documented as CVE-2019-0708) in Microsoft’s RDP implementation. Unless you install a patch, this flaw allows an adversary to gain a foothold in your Windows computer and execute sketchy code remotely.

To stay safe from most kinds of cyber attack, you cannot go wrong with the following practices.

Keep your software up to date. Do not postpone the installation of operating system updates on all devices you use for remote connections. It matters because updates bring game-changing security patches.

Use strong passwords. You want to keep the bar high for felons who may try to guess or brute-force the authentication details for your remote connections. Randomly combine letters, numbers, and special characters. Plus, make your passwords at least 10 characters long.

Enable multi-factor authentication (MFA). Because this sign-in mechanism hinges on an extra factor such as a one-time password sent to your smartphone, it prevents hackers from accessing your computer remotely.

Configure account lockout rules. If you use a PC for programming, go to Start > Programs > Administrative Tools > Local Security Policy, and set an account lockout policy. For instance, allow no more than three unsuccessful attempts with three-minute lockout periods.

Use a special gateway. The Remote Desktop Gateway (RDG) service from Microsoft is your best bet, as it provides an encrypted connection while allowing you to specify the range of authorized users.

In case your company has practices that work against any of these actions (for example, if you can’t update your operating systems), it is advised to obtain your IT department approval or invite them to do it.

VPN Exploitation Is on the Rise

cyber attacksWhen working out of the office, people need to maintain a stable and, more importantly, secure connection with the business IT networks. VPN is a critical instrument that bridges the gap between users and tamper-proof online communications. That is how it works in an ideal world.

In practice, things are not always smooth. As remote team members increasingly rely on these tools to perform their day-to-day duties, cybercrooks are busy probing them for vulnerabilities and have had some success.

In Jan. 2020, businesses were alerted to massive exploitation of a previously discovered vulnerability in the Pulse Secure VPN service. Tracked as CVE-2019-11510, this bug could fuel remote code execution attacks targeting both end-users and enterprise environments.

One of the reported snafus with this vulnerability at its core is related to the distribution of the dreadful ransomware strain called Sodinokibi. Unless the appropriate patch is applied, this loophole may also allow malefactors to bypass authentication and access network logs that store the cache of employee credentials in plaintext.

The following tips can help eliminate the looming VPN exploitation threat from your work equation.

Keep VPN up to date. This recommendation goes both for company-issued and personal devices that you use to connect to enterprise resources remotely. Proper update management ensures that the most recent security configurations and patches are in place.

Use two-factor authentication (2FA). In case this rule cannot be put into practice for one reason or another, be sure to use strong passwords to log in to VPN services.

Enable VPN kill switch. This feature terminates your device’s connection to the internet whenever the VPN is down (yes, it happens). Keep it on to prevent your data from potentially being leaked in such scenarios.

The ubiquitous adoption of telework that heavily relies on VPN technology means that the average user’s security posture has a single point of failure (SPOF). An adversary who succeeds in hacking virtual private network connections can get unnervingly broad access to your data assets. Therefore, it is in your best interest to harden the security of these connections.

Vulnerable Video Conferencing Software

As is the case with VPN, tools that enable virtual meetings have extended their reach significantly since the coronavirus outbreak. Software engineers use them a lot to coordinate teamwork. It comes as no surprise that perpetrators are increasingly adept at discovering and exploiting weaknesses in popular video conferencing solutions.

How big is the threat? Just Google “Zoom vulnerabilities,” and you will see that these tools are—to put it mildly— not immaculate in terms of security.

The aftermath of such a hack can be unnerving because it paves the way for eavesdropping to gain a competitive advantage or ruin your reputation. To avoid issues like that while using Zoom, follow a few recommendations that will stop snoops in their tracks.

Do not reuse access codes for web meetings. If you share them with an excessive number of people, chances are that sensitive information will be leaked beyond the intended range of co-workers.

Use the “waiting room” feature. Also known as “green room,” it prevents a virtual conference from starting until the host joins.

Keep track of participants. Configure the app to trigger notifications when new attendees join the web meeting. If this feature is missing, the host should require that all participants identify themselves.

Do not record your meetings. No one is immune from cyber attacks. Since there are many types of viruses that steal data from infected computers, your records can fall into the hands of cybercriminals. In case you need to record the meeting for future reference, make sure you keep the file encrypted.

On a side note, cybercriminals are not the only ones who may want to snoop on your virtual meetings. Disgruntled or former colleagues who have full or partial access to your company’s digital resources may also be tempted to get hold of your data.

Phishing Attacks Are Gaining Momentum

In addition to thwarting the above risks, you should strengthen your anti-phishing practices to dodge the growingly prolific coronavirus-themed scams. An example is the surge of spoofed email advisories mimicking the World Health Organization (WHO) and other COVID-19 response entities.

These frauds try to trick recipients into revealing their personal data or executing harmful code disguised as eye-catching attachments. Be skeptical about such messages, and think twice before interacting with anything clickable in them. Here are a few extra precautions you should consider when an email like that ends up in your inbox.

Look for inaccuracies. Cybercrooks often neglect to proofread their texts, so scrutinize the message for misspellings. Ignore it if you find obvious errors.

Fine-tune your email filters. Modern email services block messages that match known phishing templates. Go to the provider’s security settings to enhance these automatic checks beyond the defaults.

Do not click links in emails. By following a link like that, you run the risk of falling into a rabbit hole of social engineering or malware infection. Likewise, do not open files attached to messages coming from strangers.

Confirm sensitive matters in person. If a message that appears to be from your colleague instructs you to send a wire transfer, you are better off calling the sender over the phone to double-check the legitimacy of the request.

Use internet security software. Reliable tools from this category continuously monitor your inbox and give you a heads-up if a dubious message is detected.

Be a Moving Target

cyber attacksNot only is the global increase in remote work a natural element of the business evolution, but it is also an emergency response to the new circumstances ensuing from the health care calamity. Unfortunately, the occasionally crude implementation of telework has become one of the weakest links in the security of both individuals and companies.

Adhering to the above tips is half the battle. Additionally, it never hurts to improve your authentication hygiene through hard-to-guess passwords and 2FA, if you have not already.

A data backup strategy is your plan B that kicks in if ransomware sucker-punches your computer. A well-thought-out combo of these techniques will keep attackers at bay so that you can focus on your work.

About the author

David Balaban

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs Privacy-PC.com and MacSecurity.net, projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.