Coronavirus: Security Recommendations For Remote Access Threats


To control the spread of the coronavirus (COVID-19), many organizations are asking employees to work remotely. Doing so means relying on enterprise virtual private networks (VPNs) and remote desktop solutions to connect to services.


This shift opens the door to an array of cybersecurity threats that specifically target these networks and solutions. Remote access solutions require organizations to expose a service from their premises and allow internet access to it, relying mostly on the security posture of the solution and the user identification solution it integrates with.

Service Disruption

As organizations now mostly depend on remote access for their day-to-day business, they need to take proactive measures to safeguard against threats and maintain continuity. Exposing critical services on the internet makes them vulnerable to service disruption by distributed denial-of-service (DDoS) attacks.

DDoS attacks can leverage many different sources to generate and send malicious traffic to the targeted victim. Volumetric attacks try to consume all available bandwidth. Clean pipe solutions can relieve bandwidth exhaustion by using threshold filtering, but they typically do not distinguish good traffic from malicious traffic, which leaves most remote users intermittently or indefinitely disrupted by the cyberattack.

A more insidious type of DDoS attack leverages intricacies in the protocol of the exposed services and targets specific weaknesses. Most enterprise VPN solutions and web services rely on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to ensure the confidentiality of transmitted data and, in some cases, to verify the identity of both sides of the communication. Encrypted attacks can target the SSL handshake mechanism, send malicious data to the SSL server, or abuse the SSL encryption key negotiation process. These attacks take advantage of the asymmetric resource requirements of SSL session handshakes. Each SSL session handshake consumes fifteen times more resources on the server than on the client. This asymmetry allows attackers to bring down large infrastructures with limited resources. Since these attacks do not generate massive amounts of traffic, they are much harder to detect before the service is disrupted.
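Because these handshake floods stay under bandwidth thresholds, detection has to count handshakes per client instead of bytes. The following detector is an added example, not part of the original alert; the log format, thresholds, and IP addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed log format (constructed): "<epoch_seconds> <client_ip> <app_bytes>"
# One line per completed TLS handshake; app_bytes is the application data
# that session went on to carry.
WINDOW_S = 10            # sliding window length in seconds
MAX_HANDSHAKES = 20      # handshakes tolerated per client per window
MIN_AVG_APP_BYTES = 200  # below this, sessions are effectively empty

def detect(lines, window=WINDOW_S, max_hs=MAX_HANDSHAKES, min_avg=MIN_AVG_APP_BYTES):
    """Return {ip: details} for clients with many near-empty TLS sessions."""
    recent = defaultdict(deque)  # ip -> (timestamp, app_bytes) inside the window
    flagged = {}
    for line in lines:
        ts, ip, app_bytes = line.split()
        ts, app_bytes = float(ts), int(app_bytes)
        q = recent[ip]
        q.append((ts, app_bytes))
        while q[0][0] <= ts - window:   # drop handshakes older than the window
            q.popleft()
        if len(q) > max_hs and ip not in flagged:
            avg = sum(b for _, b in q) / len(q)
            # A busy NAT gateway also handshakes often, but its sessions carry data.
            if avg < min_avg:
                flagged[ip] = {"first_flagged": ts, "handshakes": len(q),
                               "avg_app_bytes": avg}
    return flagged

def sample_log():
    """Constructed sample: a remote worker, a NAT gateway, a handshake flooder."""
    lines = []
    for i in range(3):    # remote worker: 3 sessions with real traffic
        lines.append(f"{1000 + i * 3:.1f} 198.51.100.7 {50000 + i}")
    for i in range(30):   # office NAT gateway: frequent but data-carrying sessions
        lines.append(f"{1000 + i * 0.3:.1f} 192.0.2.1 80000")
    for i in range(40):   # flooder: 40 handshakes in 8 s, no application data
        lines.append(f"{1000 + i * 0.2:.1f} 203.0.113.9 0")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for ip, info in detect(sample_log()).items():
        print(ip, info)
```

The thresholds need tuning against the normal reconnect behaviour of the VPN clients in use.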
