With remote work, these cyber threats are on the rise - Technical.ly Baltimore


Apr. 8, 2020 3:20 pm


Zoombombing. Cryptomining. Malvertising. Baltimore cybersecurity pros talk about WFH vulnerabilities, and how businesses can protect against them. Plus: Meet the Cyber SWAT Team.

(Photo by Flickr user Yuri Samoilov)

Users of videoconferencing software platform Zoom were at risk of someone hijacking their video conference session for a gag or stealing info well before last month. But with the big shift to working from home, Zoombombing has become a household name — and a federal offense.

Any cybersecurity expert will tell you that new technology always comes with new ways for attackers to exploit it. So it’s no surprise that remote work is ushering some threats toward the top of the list.

“Things that were nascent threats are now very real,” said Josh Stella, cofounder of Frederick-based cloud infrastructure security company Fugue.

As they navigate the new reality, the local cybersecurity community has been looking to educate and provide resources for local businesses and their employees. Here’s a look at some tips, trends and tools we’ve picked up over the past few weeks:

Crisis-mode communication

As director of the Technology Advisory Services practice at Sparks-based SC&H Group, Jeff Bathurst is working with companies as they implement the plans they made to keep businesses running even when an office isn’t accessible.

Many companies have these disaster recovery and business continuity plans, and one part focuses on keeping operations running when the office isn’t an option. In many cases, these plans are designed to suffice for a week or so — say, if there’s a snowstorm. But with social distancing measures likely in place until at least the end of April, the planning must encompass a much longer timeframe.

So everyone is now executing a plan for these adverse circumstances, whether they actually took time to map it out beforehand or not.

“They need to follow their plan and then they also need to have a conversation about what are they going to do now that they’re executing their plan, whether they have further business disruption in the form of technology outages or further business operation constraints,” Bathurst said.


Know who you’re talking to

For employees using tools remotely, it’s important to protect the unique identifiers for every tool and meeting.

“It means that the opportunity for hackers to compromise credentials, access and data is definitely elevated because you can no longer meet with someone face to face to confirm who they are,” he said.

One example of a potential attack is spoofing. Someone could get in touch to claim they are someone from the service desk, when in fact they are not. If you can’t see someone, then it’s harder to know. Bathurst offers one simple step to protect against this: Verify a request with a phone call before sending it.

“Make sure you validate the identity of the person you’re talking to. Don’t give out conference call information. Be very wary of your email. Take the extra few seconds to validate things, especially with email,” he said.

When it comes to specific tools that are in danger of being compromised, Bathurst said those that are freely available are likely most at risk; many enterprise tools have security features built in. For those that need new tools, he said it’s important to consider how to deploy a solution securely, as well as the speed and cost that are often top-of-mind.

“With convenience comes risk, and we are certainly in that mode of trying to make things as convenient as possible given the difficulty we all face,” he said.

Configure cloud tools

With engineering teams working from home, that also leads to the need to secure cloud-based workloads and data. The shift to WFH presents a situation where many are now not working on a corporate network.

“If you’ve always had access to cloud infrastructure accounts only allowable through corporate networks and now everyone is working from home, that can expose you to new kinds of threats that you’re not used to dealing with,” said Fugue’s Stella.

It’s important to be mindful of cloud misconfiguration, Stella said. This happens when virtual servers, networks and tools for identity and access management aren’t set up properly.

Attackers have automated tools to exploit these misconfigurations. They could be looking to break in to steal data, or carry out a ransomware attack where they encrypt data and seek to extort money. They could also be looking to set up cryptomining, where a malicious actor sets up hidden infrastructure that runs up a bill for you, while they mine for cryptocurrency.

In the new environment, some folks may be connecting through a virtual private network, while others may not even have that level of security or are using personal devices.

“It really means that you do have some increased exposure to make sure configurations are right because you’re opening up typically to a broader set of endpoints,” Stella said.

That means taking extra steps to ensure that the right policies are in place around access, and Stella also recommends logging everything that’s taking place.

“You have to have a good process in place to keep track of everything. You have to make sure the cloud infrastructure itself is secure in that new distributed environment,” he said.

(In response to the environment, Fugue is making a version of its platform for engineers free during the crisis.)

Malvertising on the rise

The economic slowdown caused by COVID-19 can also be seen in digital advertising marketplaces, where Index Exchange noted a pullback by advertisers in many categories in late March.

But Canton-based clean.io found that as brands were running fewer ads, malicious actors were running more. The threat level was slow to start the month, but spiked to 50 times higher in the last 10 days, according to the company’s latest report which tracks malicious advertising. And malvertising was more widely present in the U.S.

This moment is “the perfect storm for bad actors to disrupt end-user experiences and impair publisher monetization at a time when publishers can least afford further disruption,” the report states.

The report also shows examples of malvertising, which is often just “borrowed” creative from brands to get through digital approval processes.

“By just looking at the ads, it is impossible to tell which ones are malicious,” clean.io CEO Matt Gillis said.

But these ads contain malicious JavaScript that isn’t visible during those approval processes, then redirects to websites that can spread malware when it runs on a person’s device. Their goal, Gillis said, is to “deceive as many people as they can along the way so they can run their campaigns on real humans’ devices and get engagement.”

Along with being frustrating for users, it also has impacts for publishers who display the ads, as users won’t be happy with their experience, and it cuts down on the metrics that are key for the ability to make money. clean.io makes technology that is focused on protecting both the user experience and the way they make money, Gillis said. The company’s product lets the ad run, then blocks the malicious code in real-time.

Got a breach? Call the Cyber SWAT Team

With the federal government’s hive of cyber operations based at Fort Meade, Maryland already has a strong presence of cybersecurity companies that are coming up with new solutions to stay ahead of the risk presented by new technology every day.

With threat levels elevated, many are banding together to help businesses that face breaches or other cyber issues. The Cyber SWAT Team was organized by the Cybersecurity Association of Maryland, Inc. (CAMI) to get folks with questions connected with member companies.

It’s available by emailing cyberSWAT@MDcyber.com or filling out a form. Within an hour, the companies will get a call from a member of the SWAT team to provide a connection to referrals, resources and key info.

Companies have volunteered time to use their product and services, according to CAMI. They’re organized into one group that is helping to triage issues, and another for incident response that is made up of vetted members who can provide resources.
