Vulnerable Remote Working Technologies to Watch Out For
The mass shift to remote work arrived far sooner than planned, forced by the COVID-19 social distancing restrictions. The sudden change left many organizations with little time to prepare.
Vulnerable Remote Working Technologies
Below are some vulnerable remote working technologies to watch out for. Unpatched flaws in these products could allow cybercriminals to gain a foothold within your organization’s network:
A VPN (virtual private network) lets remote workers and staff in branch offices reach the corporate network through an encrypted, authenticated tunnel over the public internet.
In 2019, security researchers found and disclosed several security vulnerabilities in widely used VPN products. The vendors released security updates (patches) for these vulnerabilities within a certain period of time, but many organizations delayed applying them, and the disclosed vulnerabilities were actively exploited as a result.
Here are examples of VPN security vulnerabilities that have been actively exploited in the wild by cyberattackers:
- CVE-2018-13382: A vulnerability in the Fortinet FortiOS SSL VPN web portal that could allow an unauthenticated attacker to change the password of an SSL VPN user by sending a specially crafted HTTP request.
- CVE-2019-1579: A vulnerability in the Palo Alto Networks PAN-OS GlobalProtect SSL VPN that could allow a remote, unauthenticated attacker to execute arbitrary code on the VPN server.
- CVE-2019-11510: A pre-authentication arbitrary file read vulnerability in Pulse Connect Secure that could allow a remote, unauthenticated attacker to read files from the appliance, including cached plaintext user passwords and other sensitive information.
- CVE-2019-19781: A vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway that could allow an unauthenticated attacker to execute code remotely without logging in.
- VPN 2-Factor Authentication Bypass
Researchers at Fox-IT reported an incident in which a threat actor gained VPN access to a victim’s network even though the VPN was protected by 2-factor authentication (2FA).
“An interesting observation in one of Fox-IT’s incident response cases was that the actor steals a soft token for RSA SecurID, which is typically generated on a separate device, such as a hardware token or mobile phone,” researchers at Fox-IT said. “In this specific case, however, victims using the software could also use a software-based token to generate 2-factor codes on their laptop. This usage scenario opens up multiple possibilities for an attacker with access to a victim’s laptop to retrieve 2-factor codes used to connect to a VPN server.”
Vulnerable Remote Working Apps
The COVID-19 crisis has made video-teleconferencing apps a must-have. They let employers and employees in different geographical locations hold meetings in real time over simultaneous audio and video.
Amidst the COVID-19 crisis, the video-teleconferencing app Zoom has come into the limelight, not just because of its growing number of users but because of the security issues that have gradually come to light.
On March 23, 2020, a security researcher known only as @_g0dmode on Twitter disclosed a weakness in Zoom’s chat feature. "#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users," @_g0dmode said. Security researcher Matthew Hickey expanded on the finding, showing that Zoom’s video-teleconferencing app can be used to steal the Windows credentials of other participants: Zoom rendered UNC paths in chat as clickable links, and when a Windows user clicks one, Windows tries to open the share over SMB and sends the user’s Net-NTLM hash to the attacker-controlled host, where it can be cracked offline or relayed.
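One control a practitioner can put in front of a chat or collaboration feed is to flag messages carrying UNC paths that point outside the corporate address space, since those are the links that leak Net-NTLM hashes to an outside host. The following is an added example, not Zoom’s code or anything from the researchers quoted above; the chat lines are constructed, and the internal address ranges and DNS suffix are assumptions to be replaced with your own.

```python
"""Flag chat messages containing UNC paths (\\host\share) whose host lies
outside the corporate network.  Added example; chat lines are constructed."""
import ipaddress
import re

# \\host\share... where host is an IPv4 literal or a DNS name.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\s\"'<>]+")

# ASSUMED corporate address space and internal DNS suffix; adjust to yours.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("172.16.0.0/12"),
                 ipaddress.ip_network("192.168.0.0/16")]
INTERNAL_SUFFIX = ".corp.example"


def classify_host(host: str) -> str:
    """Return 'internal', 'external' or 'unresolved' for the host part of a UNC path."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: only names under the internal suffix are trusted.  A bare
        # hostname could be resolved by an attacker via LLMNR/NBT-NS poisoning,
        # so it is reported as unresolved rather than silently treated as internal.
        return "internal" if host.lower().endswith(INTERNAL_SUFFIX) else "unresolved"
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def scan_messages(lines):
    """Return (line_number, host, verdict) for every UNC path found in the lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in UNC_RE.finditer(line):
            host = m.group(1)
            findings.append((n, host, classify_host(host)))
    return findings


# Constructed sample chat export (not real Zoom data).
SAMPLE_CHAT = [
    "10:02 Alice: slides are on \\\\fileserver.corp.example\\shares\\q2.pptx",
    "10:03 Bob: thanks!",
    "10:05 Mallory: updated deck here \\\\203.0.113.7\\public\\deck.pptx",
    "10:06 Eve: or \\\\10.20.30.40\\team\\notes.txt",
]

if __name__ == "__main__":
    for n, host, verdict in scan_messages(SAMPLE_CHAT):
        flag = "ALERT" if verdict != "internal" else "ok"
        print(f"line {n}: \\\\{host} -> {verdict} [{flag}]")
```

On the endpoint side, the complementary fixes are to block outbound SMB (TCP 445) at the perimeter and to restrict outgoing NTLM to remote servers through Windows policy, so that a clicked link cannot complete the authentication even if the filter misses it.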
Microsoft has recently disclosed vulnerabilities in the Remote Desktop Protocol (RDP), its remote-access protocol that listens on TCP port 3389 by default, and in the related Remote Desktop Gateway (RD Gateway) service that fronts RDP for remote users:
- CVE-2019-0708: Dubbed “BlueKeep”, this vulnerability in Remote Desktop Services allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests.
- CVE-2020-0609 and CVE-2020-0610: Collectively dubbed “BlueGate”, these vulnerabilities in Windows Remote Desktop Gateway similarly allow an unauthenticated attacker to connect to the RD Gateway server and send specially crafted requests.
According to Microsoft, BlueKeep and BlueGate are pre-authentication vulnerabilities and require no user interaction. Microsoft described BlueKeep and BlueGate in the same way: “An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
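Because BlueKeep is reachable before authentication, the configuration check a practitioner wants for every internet-facing RDP host is whether the server enforces Network Level Authentication (NLA), Microsoft’s recommended mitigation alongside patching. The following added example (not Microsoft’s code, nor an exploit) builds the X.224 Connection Request from the MS-RDPBCGR specification offering only standard RDP security, and interprets the server’s Connection Confirm: an NLA-enforcing server refuses with HYBRID_REQUIRED_BY_SERVER, while a server that accepts the request still exposes the pre-authentication code paths. The server responses used offline are constructed from the message layouts, not captured from real hosts; the `probe` function is the only part that touches the network. Note that this does not assess the RD Gateway UDP transport that BlueGate concerns.

```python
"""Classify an RDP server by what it negotiates when offered only standard
RDP security.  Added example based on the MS-RDPBCGR X.224 message layouts;
sample responses are constructed."""
import socket
import struct

PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0x0, 0x1, 0x2
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03
FAILURE_CODES = {0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER",
                 0x3: "SSL_CERT_NOT_ON_SERVER", 0x4: "INCONSISTENT_FLAGS",
                 0x5: "HYBRID_REQUIRED_BY_SERVER",
                 0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}


def build_connection_request(requested=PROTOCOL_RDP, cookie=b"mstshash=check"):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ structure."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested)   # type, flags, length, protocols
    x224 = (b"\xe0"            # CR code
            + b"\x00\x00"      # dst-ref
            + b"\x00\x00"      # src-ref
            + b"\x00"          # class 0
            + b"Cookie: " + cookie + b"\r\n" + neg_req)
    x224 = bytes([len(x224)]) + x224                            # length indicator
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224      # TPKT header


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the X.224 Connection Confirm and say what the server will accept."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if len(data) < tpkt_len:
        raise ValueError("truncated TPKT packet")
    li, code = data[4], data[5]
    if (code & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:5 + li]          # rdpNegData follows the fixed 7-byte X.224 header
    if not body:
        # Servers predating protocol negotiation answer with no RDP_NEG_RSP at all
        # and implicitly use standard RDP security.
        return {"verdict": "legacy_no_negotiation", "protocol": PROTOCOL_RDP}
    typ, _flags, _length, value = struct.unpack("<BBHI", body[:8])
    if typ == TYPE_RDP_NEG_RSP:
        if value == PROTOCOL_RDP:
            return {"verdict": "standard_rdp_security_accepted", "protocol": value}
        return {"verdict": "negotiated_other", "protocol": value}
    if typ == TYPE_RDP_NEG_FAILURE:
        name = FAILURE_CODES.get(value, hex(value))
        verdict = "nla_enforced" if value == 0x5 else "refused:" + name
        return {"verdict": verdict, "failure": name}
    raise ValueError("unknown negotiation structure type %d" % typ)


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> dict:
    """Send the request to a live server and classify its reply (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request())
        return parse_connection_confirm(s.recv(1024))


# Constructed Connection Confirm packets: TPKT(4) + X.224 header(7) + rdpNegData.
SAMPLE_RESPONSES = {
    "legacy": bytes.fromhex("030000130ed000001234000200080000000000"),  # NEG_RSP, PROTOCOL_RDP
    "nla":    bytes.fromhex("030000130ed000001234000300080005000000"),  # NEG_FAILURE, code 5
    "old":    bytes.fromhex("0300000b06d00000123400"),                  # no rdpNegData
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_RESPONSES.items():
        print(name, parse_connection_confirm(pkt))
```

A `standard_rdp_security_accepted` or `legacy_no_negotiation` result does not prove the host is unpatched, only that an attacker can drive the pre-authentication channel setup that BlueKeep relies on; the fix is to enable “Require Network Level Authentication” on the host and, for anything internet-facing, to put the RDP endpoint behind a VPN or gateway rather than exposing port 3389.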
Cybersecurity Best Practices
On their own, the security vulnerabilities mentioned above could allow malicious actors to gain access to your organization’s networks, where they could, for instance, deploy ransomware and lock down systems. Allowing remote workers to access your organization’s networks also presents a much larger attack surface to cybercriminals.
Here are some cybersecurity best practices to keep your organization’s networks and your organization’s remote workers safe online:
Keep All Software Up to Date
All the security vulnerabilities mentioned above have patches available. Apply them in a timely manner; for internet-facing VPN, RDP and gateway systems in particular, attackers have scanned for unpatched instances soon after the patches were released.
Be Mindful of How Your Organization’s Data Is Handled
In early April of this year, researchers at the Citizen Lab at the University of Toronto reported that Zoom – a Silicon Valley-based company that owns 3 companies in China through which nearly 700 employees are paid to develop the app – encrypted meetings with AES-128 in ECB mode, an encryption method that isn’t recommended because “patterns present in the plaintext are preserved during encryption”. The researchers also found that some of Zoom’s video-teleconferencing traffic was being routed through China even though all participants of the video-teleconference were in North America.
Zoom, for its part, said in a statement that the routing of some of Zoom’s video-teleconferencing traffic through China was a mistake and apologized for the incident.
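The ECB weakness the researchers describe is a property of the mode, not of the cipher: encrypting the same plaintext block under the same key always yields the same ciphertext block, so repetition in a video frame or document survives into the ciphertext. The following added example (not Zoom’s code or the Citizen Lab’s) makes that visible by encrypting a highly repetitive plaintext in ECB and in CTR mode and counting how many ciphertext blocks are distinct. To keep it dependency-free it uses a small Feistel construction over HMAC-SHA256 as a stand-in 128-bit block cipher; that stand-in is an assumption of the example, and the same counts would come out of AES.

```python
"""ECB versus CTR on repetitive plaintext.  Added example; the block cipher
is a toy Feistel network standing in for AES, and the plaintext is constructed."""
import hashlib
import hmac
import os
import struct

BLOCK = 16


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Round function: 8 bytes of HMAC-SHA256 over (round index, half block)."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher: 4-round Feistel network (stand-in for AES)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, i, l))), l
    return l + r


def pad(data: bytes) -> bytes:          # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal blocks stay equal."""
    data = pad(data)
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    pt = b"".join(block_decrypt(key, ct[i:i + BLOCK]) for i in range(0, len(ct), BLOCK))
    return unpad(pt)


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: XOR with a keystream derived from (nonce, counter); no two blocks share a keystream."""
    assert len(nonce) == 12
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), BLOCK)):
        ks = block_encrypt(key, nonce + struct.pack(">I", ctr))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def distinct_blocks(ct: bytes):
    """Return (distinct, total) 16-byte blocks in a ciphertext."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return len(set(blocks)), len(blocks)


def demo(key: bytes = None, nonce: bytes = None) -> dict:
    """Constructed 'frame': 63 blocks drawn from only two 16-byte patterns."""
    key = key or os.urandom(32)
    nonce = nonce or os.urandom(12)
    frame = (b"BLUE" * 4) * 48 + (b"LOGO" * 4) * 15
    return {"ecb": distinct_blocks(ecb_encrypt(key, frame)),     # 3 of 64 (2 patterns + padding)
            "ctr": distinct_blocks(ctr_encrypt(key, nonce, frame))}  # 63 of 63


if __name__ == "__main__":
    for mode, (d, t) in demo().items():
        print(f"{mode}: {d} distinct ciphertext blocks out of {t}")
```

In ECB the ciphertext has exactly as much structure as the plaintext (three distinct blocks: the two patterns and the padding block), which is what the researchers meant by patterns being preserved; under CTR, or an authenticated mode such as GCM that builds on it, every block is distinct and the repetition is gone. The example also leaves out authentication, which a real design needs as well.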
Steve E. Driz, I.S.P., ITCP