It’s clear that the measures needed to slow the spread of the virus have also posed some of the biggest challenges organisations have ever faced – and have done so virtually overnight. While bandwidth has so far held up, moving entire workforces to a remote environment has had consequences, many of them security related.
The nationwide Covid-19 crisis has fundamentally shifted the way we work. The resulting surge in employees now logging on from home poses new and significant security risks for businesses. Seeking to make the most of a bad situation, cyber criminals are launching a variety of spam, phishing and ransomware attacks aimed at exploiting weakened defences and pandemic anxiety.
It’s not surprising, therefore, that nearly two thirds of companies (64 per cent) have experienced at least moderate disruption to their network security business practices since remote working has surged. Nearly a quarter (23 per cent) reported experiencing major disruptions while adapting their workforce, according to a report from the Neustar International Security Council (NISC).
Personal vs. professional use
In most cases, your cable modem is the only device at home that has a public IP address. Every device connected behind it therefore appears under that one address. Should any device behind that cable modem become infected, cyber-criminals can far more easily launch an attack from that one trusted local device against any other device sharing the same address – in other words, on the same network segment – including your work laptop.
Most traditional, office-based companies will be used to the majority of their employees being connected locally to LANs and corporate firewalls. In normal times, IT and security teams oversee a relatively controlled environment. Despite facing the obvious multitude of cyber-threats, they have close visibility over how staff devices are connecting to their network and can therefore identify any unusual or potentially harmful activity.
That is no longer the case: it is now almost guaranteed that teams are working remotely en masse and connecting over VPNs. This immediately presents a major problem, because many companies did not provide computers for employees to work from home before Covid-19, instead asking them to use their own devices. Security controls on personal devices are not the same as those on work devices, and using them for work blurs the line between personal and professional use. There is no longer any separation between using the same device to work, watch Netflix and shop online.
For nearly all businesses – even those that make significant use of cloud solutions – there are still key systems that operate locally, such as payment gateways and financial platforms. As a result, employees will need to connect to a corporate VPN. And they’ll be connecting over the only network they have – whether that’s a home router, a cable or fibre modem or a Mi-Fi device.
Securing the weakest link
While businesses enjoy some protection from the external hosting of public services such as their website or email system, they need to consider carefully their VPN and any other services that are not externally hosted or protected. If their corporate connection is attacked, with the VPN specifically targeted, and it goes down, their entire workforce is offline.
The challenge with using VPNs to let global workforces log on remotely is that cyber-criminals understand this connectivity has rarely been hardened against denial of service. That makes VPNs an easy target for DDoS attacks.
Most businesses use “vpn” as part of the URL or host name of their VPN, which makes it simple for an attacker to identify the server. With a single DNS lookup the attacker has the IP address and can launch a conventional volumetric attack using a rented botnet, or a network-protocol attack to exhaust server resources. And that is exactly what is happening. There was an uptick in DDoS incidents mitigated through Neustar’s Security Operations Centre (SOC) in March, including the largest attack the company has ever mitigated.
The challenge remains that the very nature of VPNs means their traffic has to be entirely encrypted, so the normal methods of examining whether or not traffic is malicious cannot be applied. A DDoS attack encapsulated in VPN packets – with the expected structure and aimed at the expected port – is only revealed once the packets reach the VPN server and are decrypted. In the meantime, the sheer volume of traffic travelling towards the VPN can take the network down.
Monitoring and managing services
Cyber-criminals rarely cause disruption just for the sake of it. One of the most likely objectives is to clear a path for a targeted attack. Many such attacks can be stopped by examining and filtering traffic, which whatever mechanism is used to defend corporate infrastructure against DDoS attacks should already be able to do.
By examining traffic, inspecting both headers and content, and scoring that combination together with the source’s reputation, it is possible to pass the good traffic while minimising the bad traffic that gets through.
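As an added illustration of this kind of scoring (example code, not Neustar’s or the article’s own tooling), the following Python classifier works over constructed per-source flow summaries heading for an assumed VPN port. Because the VPN payload is encrypted, it scores only header-visible features (packet rate and size profile) together with a constructed reputation list; the port, thresholds and weights are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set

# Assumptions (constructed for this example, not taken from the article):
VPN_PORT = 1194          # UDP port the VPN concentrator is assumed to listen on
RATE_CEILING = 2000.0    # packets/sec at which the rate feature saturates to 1.0
PASS_THRESHOLD = 0.4     # below this score the source is passed unhindered
DROP_THRESHOLD = 0.8     # at or above this score the source is dropped at the edge


@dataclass
class FlowSummary:
    """Per-source traffic summary toward one destination port (e.g. from flow export)."""
    src_ip: str
    dst_port: int
    packets_per_sec: float
    avg_payload_bytes: int


def score_source(rec: FlowSummary, bad_reputation: Set[str]) -> float:
    """Combine header-visible features with reputation into a 0..1 'badness' score.
    The payload is encrypted, so nothing inside it is inspected."""
    rate_score = min(1.0, rec.packets_per_sec / RATE_CEILING)
    # Floods tend to sit at the extremes: near-MTU packets (volumetric) or tiny ones (protocol abuse).
    size_score = 1.0 if rec.avg_payload_bytes >= 1400 or rec.avg_payload_bytes <= 40 else 0.0
    rep_score = 1.0 if rec.src_ip in bad_reputation else 0.0
    return min(1.0, 0.5 * rate_score + 0.2 * size_score + 0.3 * rep_score)


def classify_vpn_sources(records: Iterable[FlowSummary], bad_reputation: Set[str],
                         vpn_port: int = VPN_PORT) -> Dict[str, str]:
    """Return a pass / rate_limit / drop decision for each source talking to the VPN port."""
    decisions: Dict[str, str] = {}
    for rec in records:
        if rec.dst_port != vpn_port:
            continue  # other services are covered by their own (externally hosted) protection
        s = score_source(rec, bad_reputation)
        decisions[rec.src_ip] = ("drop" if s >= DROP_THRESHOLD
                                 else "rate_limit" if s >= PASS_THRESHOLD else "pass")
    return decisions


# Constructed sample data using RFC 5737 documentation addresses, not real indicators.
SAMPLE_RECORDS = [
    FlowSummary("203.0.113.7", VPN_PORT, 12.0, 500),       # ordinary remote worker
    FlowSummary("198.51.100.23", VPN_PORT, 5000.0, 1472),  # near-MTU flood from a listed source
    FlowSummary("192.0.2.44", VPN_PORT, 900.0, 1400),      # suspicious rate and size, unknown source
    FlowSummary("203.0.113.99", 443, 50.0, 60),            # not aimed at the VPN; ignored here
]
SAMPLE_BAD_REPUTATION = {"198.51.100.23"}

if __name__ == "__main__":
    for ip, action in classify_vpn_sources(SAMPLE_RECORDS, SAMPLE_BAD_REPUTATION).items():
        print(f"{ip:16} -> {action}")
```

In practice the summaries would be aggregated from flow export at the edge and the decision pushed to whatever filtering layer sits in front of the VPN concentrator.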
Organisations should also strongly consider a managed service option. It’s much easier to mitigate an attack when a solution is already in place, before it actually needs to be used. At a time when many businesses could do with one less worry, fully managed services can take the pressure off and ensure digital assets are safe and secure.
These are not normal times. However, with working from home set to continue post-pandemic, it’s critical that companies are able to confidently secure their networks remotely. Malicious actors are relying on the current uncertainty to carry out attacks wherever they can, and organisations must now be extra vigilant. Looking ahead, we will come out of this much stronger, with a better understanding of the applications needed to securely work from home and how behaviours must change.
Rodney Joffe, Senior VP, Technologist and Fellow, Neustar