In Technology 10 May 2021
Managing Cyber-Attacks in a time of Pandemic
TOC
- Background
- Work From Home- New Normal
- Increase Cyber Attacks (Recent cases)
- Root Cause
- “Work From Home” Attack Simulation
- Threats on VPN Firewalls and Remote Connection Applications
- Threats arising due to WFH (Insecure home WIFI, Data Leakage, Other threats etc)
- Threats arising from BYOD devices
- QRPF (Qseap Remote Pentesting Framework)
Background
- Work from home enforced due to Pandemic.
- Companies enabled remote access to 90% of their staff in a haphazard manner.
- Reliance on VPN and remote connection applications (eg: Webex, Anydesk, TeamViewer) to enable “work from home” option.
- Due to shortage of laptops, Company’s allowed personal systems and BYOD devices to connect to their network.
Do you think this pandemic can extend for a period of 6 months , 1 Year or 2 Years ? No Idea.
WORK FROM HOME is the NEW NORMAL
New Normal: Work From Home
Increase in cyber threats
Security which was once provided in a controlled environment with management and IT oversight may now be provided on personal devices connecting over unsecured networks with oversight by stressed and remote IT staffs.
Root Cause of Rise in Cyber Attacks
- VPN firewalls and remote connection applications are not properly tested against work from home scenarios, before providing access to staff on a such huge level.
- Even a secure VPN and remote connection applications are not sufficient to stop data exfiltration and backdoor attacks on the end points.
- Inability of organizations to look beyond VAPT and switch to attack simulation approach.
VAPT is not sufficient
You Need “Work From Home” Attack Simulation
(Grey Box) Attack simulation Via Work From Home environment
Grey box attack simulation is a service designed to closely mimic the real time attacks arising from an employee who is working from home.
Overview of Test Cases
VPN and Network Security Assessment
- Covers penetration testing of VPN firewall from BYOD devices (via Admin Privilege) and companies laptop (Attacks conducted via Non-Admin User Privilege, using custom scripts)
- Black box penetration testing of applications/network exposed to a VPN authenticated user.
Assessment of Remote Connection Applications
- Grey Box Application security assessment of SSL VPN applications, remote connection softwares such as CISCO WebEx, CISCO meet, Citrix servers etc.
- Covers attacks such as brute force, traffic sniffing, unauthorized access to company’s resources by an authenticated user etc.
Endpoint Security Assessment
- Penetration testing of BYOD devices and Company’s laptop from home’s LAN Network.
- Endpoint security controls bypass on BYOD devices and Company’s laptop. (Accessing unauthorized sites, Antivirus Bypass to create Backdoor, Privilege escalation, Data exfiltration checks etc).
Threats on VPN and Remote Connection Applications
- Exploiting vulnerabilities on VPN firewalls.
- Exploiting vulnerabilities on remote connection applications (Sniffing, Password attacks, Unauthorize access etc)
- Unauthorized access to shared file, internal application/network segments in VDI environment.
- Phishing campaigns related to COVID scenarios to extract sensitive information from employees.
Unsecure Network Connecting Wifi/VPN
Data Leakage and Malware Scenarios
- Unintentional installation of malware and backdoors from torrents, gaming and other malicious websites: Antivirus Bypass.
- Intentional installation of backdoor using PowerShell: Antivirus Bypass.
- Data leakage by bypassing USB restriction
- Data leakage by uploading file to unauthorized website and mailing sites: Bypassing website restrictions, SCP
- Data Leakage by File Sharing/RDP over the Private home Network.
- Windows and AD attacks
Threats with Bring Your Own Device
- Ease of network/application attacks, due to availability of Admin rights on BYOD devices.
- Ease of data exfiltration and malware attacks on BYOD devices with Admin privileges.
- Internal Shared drives accessible from personal systems.
- Internal applications accessible to personal systems.
- Bypassing MDM restrictions on BYOD devices.
"1 in 5 Enterprises admit of mobile data breach resulting from BYOD"
Apparently..
Even with a Secure VPN
Back doors can be created and Data which is generated and received on the end point can be easily exfiltrated
Because Problem is not VPN, Problem is the endpoint
Stop connecting your endpoints directly to your company’s Network. Route the connection through a controlled virtual desktop system.
Similar challenges in Security Testing through VPN
- Restriction of onsite consultants due to Pandemic situation.
- Fear of data loss/exposure to vendors while testing internal critical applications through VPN/ Remote connecting applications.
- Inability to provision appropriate tools required for pentesting for fear of abuse.
- Provisioning of laptops to security consultants are adding to company’s overhead expenses.
- Longer wait times to provide systems access to vendors.
Qseap’s Remote Pentesting Framework
Qseap’s Remote Pentesting Framework is created to address a specific issue of most enterprises today. To create a secure, data leakage proof setup, that can be accessed by a remote user to conduct pentesting activities in an organization. QRPF can be used by multiple vendors connecting to organization network over VPN, without any need of installing pentest tools or software's.
| Problems | Solution |
|---|---|
| Restriction of onsite consultants due to Pandemic situation. | Enables remote access to conduct Pentesting of internal applications in a secured environment, eliminating the troubles of calling onsite consultants. |
| Fear of data loss/exposure to vendors while testing internal critical applications through VPN/ Remote connecting applications. | Encrypted Access from anywhere, eliminating the possibilities of data loss/exposure. |
| Inability to provision appropriate tools required for pentesting for fear of abuse. | Provision of customized machines with specific tools to full fledged pentesting OS at the click of a button. |
| Longer wait times to provide systems access to vendors. | Multiple Vendors can access machines for various tests. |
;){kind=link}