Self-isolation and working from home are effective measures against the spread of infection. There are many additional benefits: increased labor efficiency, financial benefits for the company, promotion of the idea of a minimum basic income (paying people so that they do not leave home will, as a result, pay off many times over), and an improved environment. But there is one serious drawback. The sudden transition of millions of employees to remote work without proper training poses enormous risks to information security. Corporate VPNs are not always designed for such a load, and employees themselves often do not know how to use cryptographic tools and work through weak home routers on unsecured home networks.
At a major US agency, some officials began holding meetings via group calls on the iPhone because standard conference systems didn’t always work, writes CNN Business, citing a federal employee. But these group calls support no more than five members, not to mention the security risks. In general, government agencies did a good job of switching to remote work, the source said, although there are small technical issues.
The publication uses an example of a US Air Force VPN system that last week supported a maximum of 72,000 concurrent users. At the same time, the US Air Force employs more than 145,000 civilians and more than 130,000 full-time contractors.
Moving away from standard security procedures opens up new opportunities for hackers. As employees increasingly log in to the system from home, they have to combine their personal tools with professional ones “on an unprecedented scale.”
For employers, the problem lies not only in network bandwidth, but also in the fact that employees introduce new potential vulnerabilities into the routine workflow – weak passwords on personal computers, poorly protected home Wi-Fi routers, poorly protected sites for distance learning (in schools and universities) or infected computers of other family members.
“It’s enough for one of the children to get infected and the infection will spread inside the house,” said Marcus Sachs, former vice president of national security policy at Verizon. He is talking about malicious computer programs: a digital infection is transmitted between family members in the same way as COVID-19.
Another vector of attack on new remote workers is social engineering, where scammers impersonate tech support employees.
According to experts, from a compromised computer of one employee, malware can easily get into a connected office network.
Experts recommend paying special attention to digital hygiene and security, as attackers are trying to take advantage of the coronavirus crisis. According to DomainTools, an information security company, hackers are increasingly creating coronavirus-related websites, applications, and tracking tools to take advantage of the surge in interest in coronavirus and infect users’ computers and phones, including with ransomware.
CovidLock ransomware for Android intercepts the lock screen, threatening to erase photos and videos on the phone
In addition to VPNs, corporate environments also use other systems for remote work. For example, in 2014, the Federal Communications Commission began the transition to virtual desktops. Digital workstations that exist only online are created for employees on top of cloud solutions.
Fully moving all office employees to remote work also requires widespread broadband penetration. According to federal research, even in the US, at least 25 million people do not have broadband at home. Employees of special services and intelligence organizations suffer greatly, since they are expressly prohibited from remote access to secret documents and systems, or that access is very difficult.
On March 15, 2020, the American cybersecurity agency ISC SANS issued a warning to companies advising them to update their VPN software and prepare for a surge of malicious emails that will be sent to disoriented employees. It is recommended to monitor activity logs on the corresponding ports: OpenVPN (1194), SSL VPN (TCP/UDP 443) and IPsec/IKEv2 (UDP 500/4500). A similar warning on corporate VPNs, AA20-073A, was issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA).
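As an added example (not part of the original article or of the cited advisories), the log monitoring recommended above could be sketched in Python as follows. The iptables-style log format, the FW-ACCEPT/FW-DROP log prefixes, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the advisory text above, keyed by (protocol, port).
VPN_PORTS = {
    ("UDP", 1194): "OpenVPN", ("TCP", 1194): "OpenVPN",
    ("TCP", 443): "SSL VPN", ("UDP", 443): "SSL VPN",
    ("UDP", 500): "IPsec/IKEv2", ("UDP", 4500): "IPsec/IKEv2",
}
# Assumed format: iptables LOG lines with the prefixes FW-ACCEPT / FW-DROP.
LINE_RE = re.compile(
    r"FW-(?P<action>ACCEPT|DROP) .*?SRC=(?P<src>\S+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)
# Constructed, abbreviated sample lines using documentation address ranges.
SAMPLE_LOG = """\
Mar 16 09:00:01 gw kernel: FW-ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=51000 DPT=1194
Mar 16 09:00:02 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=40001 DPT=500
Mar 16 09:00:03 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=40002 DPT=4500
Mar 16 09:00:04 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=443
Mar 16 09:00:05 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=40004 DPT=1194
Mar 16 09:00:06 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=22
Mar 16 09:00:07 gw kernel: FW-ACCEPT IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=443
Mar 16 09:00:09 gw sshd[311]: unrelated line without firewall fields
"""

def summarize(log_text):
    """Count accepted/dropped VPN-port connections per source address."""
    stats = defaultdict(lambda: {"ACCEPT": 0, "DROP": 0, "services": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        service = VPN_PORTS.get((m["proto"], int(m["dpt"]))) if m else None
        if service is None:
            continue  # unparsable line or a port that is not a VPN port
        stats[m["src"]][m["action"]] += 1
        stats[m["src"]]["services"].add(service)
    return dict(stats)

def flag_sources(stats, max_drops=3, max_services=2):
    """Return {source: [reasons]} for sources worth a closer look."""
    flagged = {}
    for src, e in stats.items():
        reasons = []
        if e["DROP"] >= max_drops:
            reasons.append(f"{e['DROP']} dropped attempts")
        if len(e["services"]) > max_services:
            reasons.append("probed " + ", ".join(sorted(e["services"])))
        if reasons:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_sources(summarize(SAMPLE_LOG)))
```

The thresholds are starting points only; on a real gateway they would be tuned against the normal daily volume of remote logins.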
Last October, the NSA informed users of the discovery of active exploits for Pulse Secure VPN versions from 5.1RX to 9.0RX. At the same time, critical vulnerabilities were discovered in other popular VPNs: Palo Alto GlobalProtect and Fortinet FortiGate. New bugs are constantly found in other corporate VPNs, so you should definitely check that you have all the latest VPN patches installed.
On March 17, the British National Cybersecurity Center released a six-page brochure with tips for telecommuting.
Cybercriminals are closely monitoring the trend of moving to remote work “and are doing everything possible to use it to infiltrate the organization,” said Esti Peshin, head of the cyber department of Israel Aerospace Industries, Israel’s largest defense contractor.
Today we can only imagine what the world will look like after the pandemic. It will probably never be so open again. Coronavirus dealt a serious blow to globalization and European integration, and the United States failed a leadership test. Perhaps the national policies of some countries will change. The economic crisis will reduce the well-being of people, and fundamental changes will occur in the capitalist system of the world, analysts at Foreign Policy say.
One way or another, at the micro level, everyone should take care of themselves and think about their own safety. To begin with, at least about VPN patches.