{"id":397,"date":"2020-04-21T23:43:00","date_gmt":"2020-04-21T23:43:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=397"},"modified":"2024-01-09T22:46:56","modified_gmt":"2024-01-09T22:46:56","slug":"attackers-are-paying-attention-as-remote-working-becomes-the-new-norm","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/","title":{"rendered":"Attackers Are Paying Attention as Remote Working Becomes the New Norm"},"content":{"rendered":"\n<p>With many organizations now adopting an almost entirely working-from-home (WFH) model as the world shelters-in-place to battle the COVID-19 pandemic, understanding how attackers might exploit remotely accessible entry points and how you can block them has never been more critical. Organizations are expanding and purchasing new virtual private network (VPN) solutions that allow access to business applications using an internet connection. Similarly, there\u2019s greater use of remote desktop solutions and more reliance on cloud environments and applications with employees working off premises. VPN and remote access gateways have always been ideal candidates for adversaries to target; increased use in the wake of COVID-19 amplifies these risks.&nbsp;<\/p>\n\n\n\n<p>As you expand your organization\u2019s capacity for WFH, make sure that you are also using best practices for securing your newly expanded attack surface. Let\u2019s take a look at some of the key risks with VPNs, remote desktop protocol (RDP) and cloud services.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">VPN Risks<\/h2>\n\n\n\n<p>VPN solutions vary widely in their performance, quality and approach to security. When relying on a VPN for secure transmissions, your organization should institute an independent verification of the security of your implementation. Of course, having a VPN provider check the security of their own solution is a start, but it\u2019s not enough because it\u2019s like relying on the company setting up a security fence to verify its effectiveness; if that fence provider is asked if the fence is adequate, they will say yes.<\/p>\n\n\n\n<p>Beyond configuration issues, there are a number of common security issues related to VPN gateways. These vulnerabilities include remote code execution, file path traversal and password modification that can lead to credential theft and internal network compromise. For example,&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11510\">CVE-2019-11510<\/a>&nbsp;is a vulnerability that allows an unauthenticated remote attacker to gain access to private keys and user passwords. First identified in May 2019 for Pulse Connect Secure, Pulse Secure\u2019s SSL VPN is still unresolved on a significant number of enterprise networks.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">RDP Risks<\/h2>\n\n\n\n<p>The\u00a0<a href=\"\/platform\/\">CyCognito platform<\/a>\u00a0observed a 7x increase in the number of newly deployed, and thus exposed, RDP servers in March over previous months, which is not surprising given the massive shift to remote working. What is surprising is that two-thirds of those RDP servers don\u2019t have the recommended Network Level Authentication (NLA) implemented. NLA is a mitigation to prevent unauthenticated access to the RDP tunnel and dramatically decreases the chance of success for RDP-based worms. Our analysis further reveals that 18 percent of Fortune 1000 companies have RDP servers without NLA or VPN protection.<\/p>\n\n\n\n<p>NLA is recommended as protection against vulnerabilities like BlueKeep,&nbsp;<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-0708\">CVE-2019-0708<\/a>, a widespread and wormable RDP vulnerability discovered last year that still exists on many networks. First made public on May 14, 2019, BlueKeep enables attackers to perform unauthenticated, arbitrary remote code execution. There were a million devices exposed to BlueKeep a year ago and our research shows that nearly half a million devices on the internet are still susceptible to it, including Fortune 1000 companies. There are several public exploits for this vulnerability, significantly reducing its exploitation complexity. Because the vulnerability enables remote code execution and requires no authentication, it has been compared to &#8220;EternalBlue&#8221;, which enabled the 2017 WannaCry attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cloud Services Risks<\/h2>\n\n\n\n<p>Given the convenience and agility that cloud services (IaaS, PaaS, SaaS) offer, studies show that organizations currently run 38 percent of workloads in public cloud and that percentage had already been on a trajectory to continue to rise. Increased use of cloud services will no doubt be fueled by the rapid rise in remote work by enterprise employees this spring. Data from the CyCognito platform shows that this increases IT risk significantly: public cloud assets harbor a disproportionate share of an organization\u2019s critical attacker-exposed risks, with critical issues in cloud assets occurring at 3 to 6 times the volume of critical risks in on-premises assets.<\/p>\n\n\n\n<p>The ongoing increase in cloud adoption \u2014 whether sanctioned or shadow IT \u2014 and the resulting increase in security risks is a reality that security teams must factor in as they manage their security programs. The increased risk associated with cloud services may be due to lack of visibility to abandoned cloud environments spun up by various departments or, and more significantly, due to the fact that legacy security tools are simply not designed to identify cloud assets and the attack vectors associated with them. In any case, working remotely will undoubtedly fuel more growth in the adoption of cloud services, increasing the need to secure these environments.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Stay Vigilant<\/h2>\n\n\n\n<p>Attackers are opportunistic. We knew they wouldn\u2019t miss the quick evolution to working from home. They already know how to exploit WFH-related vulnerabilities, so now the scale of their opportunity increases. Our guidance doesn\u2019t change in the face of the accelerated risk created by the pandemic. Your best defense is to view your attack surface the same way an attacker does and mobilize quickly to eliminate their easiest points of entry.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/resources.flexera.com\/web\/media\/documents\/rightscale-2019-state-of-the-cloud-report-from-flexera.pdf\">1 Rightscale 2019 State of the Cloud Report from Flexera<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Best practices for securing your attack surface during mandated WFH. Examine key risks with VPNs, remote desktop protocol (RDP) and cloud services.<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[105,125,99,9,124,123,126],"class_list":["post-397","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-cloud-security","tag-cloud-services","tag-covid-19","tag-cybersecurity","tag-rdp","tag-vpn","tag-work-from-home"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"Best practices for securing your attack surface during mandated WFH. Examine key risks with VPNs, remote desktop protocol (RDP) and cloud services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-21T23:43:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-09T22:46:56+00:00\" \/>\n<meta name=\"author\" content=\"Rob Gurzeev\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rob Gurzeev\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\"},\"author\":{\"name\":\"Rob Gurzeev\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679\"},\"headline\":\"Attackers Are Paying Attention as Remote Working Becomes the New Norm\",\"datePublished\":\"2020-04-21T23:43:00+00:00\",\"dateModified\":\"2024-01-09T22:46:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\"},\"wordCount\":839,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"Cloud Security\",\"Cloud Services\",\"COVID-19\",\"Cybersecurity\",\"RDP\",\"VPN\",\"Work-from-Home\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\",\"name\":\"Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2020-04-21T23:43:00+00:00\",\"dateModified\":\"2024-01-09T22:46:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attackers Are Paying Attention as Remote Working Becomes the New Norm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679\",\"name\":\"Rob Gurzeev\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g\",\"caption\":\"Rob Gurzeev\"},\"description\":\"CEO &amp; Co-Founder\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/rob-gurzeev\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/","og_locale":"en_US","og_type":"article","og_title":"Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog","og_description":"Best practices for securing your attack surface during mandated WFH. Examine key risks with VPNs, remote desktop protocol (RDP) and cloud services.","og_url":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/","og_site_name":"CyCognito Blog","article_published_time":"2020-04-21T23:43:00+00:00","article_modified_time":"2024-01-09T22:46:56+00:00","author":"Rob Gurzeev","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rob Gurzeev","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/"},"author":{"name":"Rob Gurzeev","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679"},"headline":"Attackers Are Paying Attention as Remote Working Becomes the New Norm","datePublished":"2020-04-21T23:43:00+00:00","dateModified":"2024-01-09T22:46:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/"},"wordCount":839,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Cloud Security","Cloud Services","COVID-19","Cybersecurity","RDP","VPN","Work-from-Home"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/","url":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/","name":"Attackers Are Paying Attention as Remote Working Becomes the New Norm | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2020-04-21T23:43:00+00:00","dateModified":"2024-01-09T22:46:56+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/attackers-are-paying-attention-as-remote-working-becomes-the-new-norm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Attackers Are Paying Attention as Remote Working Becomes the New Norm"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679","name":"Rob Gurzeev","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g","caption":"Rob Gurzeev"},"description":"CEO &amp; Co-Founder","url":"https:\/\/www.cycognito.com\/blog\/author\/rob-gurzeev\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=397"}],"version-history":[{"count":3,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/397\/revisions"}],"predecessor-version":[{"id":592,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/397\/revisions\/592"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}