Managing Cyber-Attacks in a time of Pandemic

TOC

• Background
• Work From Home- New Normal
• Increase Cyber Attacks (Recent cases)
• Root Cause
• “Work From Home” Attack Simulation
• Threats on VPN Firewalls and Remote Connection Applications
• Threats arising due to WFH (Insecure home WIFI, Data Leakage, Other threats etc)
• Threats arising from BYOD devices
• QRPF (Qseap Remote Pentesting Framework)

Background

• Work from home enforced due to Pandemic.
• Companies enabled remote access to 90% of their staff in a haphazard manner.
• Reliance on VPN and remote connection applications (eg: Webex, Anydesk, TeamViewer) to enable “work from home” option.
• Due to shortage of laptops, Company’s allowed personal systems and BYOD devices to connect to their network.

Do you think this pandemic can extend for a period of 6 months , 1 Year or 2 Years ? No Idea.

WORK FROM HOME is the NEW NORMAL

New Normal: Work From Home

Increase in cyber threats

Security which was once provided in a controlled environment with management and IT oversight may now be provided on personal devices connecting over unsecured networks with oversight by stressed and remote IT staffs.

Root Cause of Rise in Cyber Attacks

• VPN firewalls and remote connection applications are not properly tested against work from home scenarios, before providing access to staff on a such huge level.
• Even a secure VPN and remote connection applications are not sufficient to stop data exfiltration and backdoor attacks on the end points.
• Inability of organizations to look beyond VAPT and switch to attack simulation approach.

VAPT is not sufficient

You Need “Work From Home” Attack Simulation

(Grey Box) Attack simulation Via Work From Home environment

Grey box attack simulation is a service designed to closely mimic the real time attacks arising from an employee who is working from home.

Overview of Test Cases

Unsecure Network Connecting Wifi/VPN

Data Leakage and Malware Scenarios

• Unintentional installation of malware and backdoors from torrents, gaming and other malicious websites: Antivirus Bypass.
• Intentional installation of backdoor using PowerShell: Antivirus Bypass.
• Data leakage by bypassing USB restriction
• Data leakage by uploading file to unauthorized website and mailing sites: Bypassing website restrictions, SCP
• Data Leakage by File Sharing/RDP over the Private home Network.
• Windows and AD attacks

Apparently..

Even with a Secure VPN

Back doors can be created and Data which is generated and received on the end point can be easily exfiltrated

Because Problem is not VPN, Problem is the endpoint

Stop connecting your endpoints directly to your company’s Network. Route the connection through a controlled virtual desktop system.

Similar challenges in Security Testing through VPN

• Restriction of onsite consultants due to Pandemic situation.
• Fear of data loss/exposure to vendors while testing internal critical applications through VPN/ Remote connecting applications.
• Inability to provision appropriate tools required for pentesting for fear of abuse.
• Provisioning of laptops to security consultants are adding to company’s overhead expenses.
• Longer wait times to provide systems access to vendors.

Qseap’s Remote Pentesting Framework

Qseap’s Remote Pentesting Framework is created to address a specific issue of most enterprises today. To create a secure, data leakage proof setup, that can be accessed by a remote user to conduct pentesting activities in an organization. QRPF can be used by multiple vendors connecting to organization network over VPN, without any need of installing pentest tools or software’s.

QRPF Architecture