THE VULNERABILITY OF REMOTELY ACCESSING YOUR COMPANY!
The following is an advisory for business owners, managers and security practitioners using remote access software for accessing their business systems. With all of the focus on the high volume breaches of nationally recognized large retailers, there is a continued and increasingly dangerous threat impacting our small and mid-sized businesses daily. Experts estimate that cyber criminals could be stealing as much as $1 billion per year from small and mid-sized businesses in electronic financial transactions. Small and mid-sized businesses are the low hanging fruit that are constantly being breached by attackers utilizing a well-known yet preventable exploitation of remote access software.
Companies are using remote access software as the solution that allows multiple types of devices to connect to their network, providing mobility and flexibility to executives and employees to access company records while away from the office, and giving network administrators and security practitioners an avenue to troubleshoot and support their networks in real time. It is important to recognize that with the convenience of remote access comes the inherent risk of creating a “back-door” for unauthorized access.
Regardless of the industry or key resource sector to which you belong, this threat affects everyone in the same manner. A recently published advisory by the National Cybersecurity and Communications Integration Center highlighting the threat of a new point of sale malware titled Backoff described how malicious actors are constantly scanning the internet looking for businesses’ and merchants’ Internet Protocol addresses with open ports to remote access software. Once identified, cyber criminals will attempt to brute force their way into the targeted system.
Scanning the internet to hack into networks has become a commodity for sale in the criminal underground. Unfortunately, the convenience of remote access to systems has been embraced by both businesses and cyber criminals alike. Although some remote access software technologies offer security protocols and features such as virtual desktop infrastructure (VDI), the most important aspect of this advisory is to help business owners, employees, and security practitioners understand that if they have the ability to access their company’s system remotely from any device, from any location, at any time, then so will a cyber criminal if security measures are not taken and regularly updated.
The Threat to Business Owners & Managers:
1. Identity theft:
Employees like remote access because it gives them access to work files, programs and networks, enabling them to work from home or while traveling. However, they must be aware that if their remote login credentials are compromised, malicious actors will be able to login and have access to a massive amount of data. A wide range of sensitive information such as names, addresses, dates of birth, social security numbers, driver’s license numbers, credit card and bank account numbers can be found within a targeted organization’s computer system, which can be used to commit crimes such as identity theft. Malicious actors will use any information they can gather for financial gain.
2. Hi-jacked Bank Accounts:
Vulnerabilities in the implementation and usage of remote access software facilitate massive financial losses to our businesses’ infrastructure, with malicious actors utilizing varying levels of sophistication to steal credentials and passwords in order to hi-jack or create banking sessions to steal money from the account of the targeted business. These types of attacks have led to millions of dollars in unauthorized electronic financial transactions being sent to banking systems in Hong Kong, China, and other foreign countries.
3. Intellectual Property Theft:
Unauthorized remote access to a business’s databases can also lead to theft of intellectual property, which could include anything from trade secrets to proprietary products. Intellectual property theft costs U.S. businesses billions of dollars each year, with overseas companies taking this information and using it to build cheaper versions of products without the cost of research and development. This causes significant job losses in the United States. The loss or compromise of data can result in an array of impacts to your organization, including financial penalties, fines and even loss of consumer loyalty and confidence.
4. Stolen Credit Cards:
Credit card point of sale systems of small to mid-sized businesses are being targeted and compromised at an alarming rate. Compromised card holder data is costing businesses in the United States millions of dollars in fraudulent transactions, regulatory fines, and investigation and recovery fees. Point of sale integrators frequently use weak and/or default passwords on point of sale terminals, allowing malicious actors to brute-force or successfully guess their way into the system through remote access. Once inside, they install malware specifically designed to steal payment card data from that system. This type of attack vector is by far the most commonly utilized by malicious actors to steal credit card data.
Recommendations for business owners and managers:
Business owners must get more actively involved in protecting their systems because current security practices are not working, and the numbers of threats are increasing. You must implement internal best practices for your company, such as monitoring network activity and educating your employees.
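As an added example (not part of the original advisory), the following Python code shows one way to monitor remote-login records for the brute-force pattern described above: a burst of failed logins from one source, and in particular a successful login that follows such a burst. The log format, the threshold of 5 failures and the 10-minute window are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not any real product's log format):
# ISO timestamp, outcome, account name, source IP (documentation ranges).
SAMPLE_LOG = """\
2014-08-01T02:10:00 FAIL admin 203.0.113.7
2014-08-01T02:10:05 FAIL admin 203.0.113.7
2014-08-01T02:10:09 FAIL pos1 203.0.113.7
2014-08-01T02:10:14 FAIL pos1 203.0.113.7
2014-08-01T02:10:20 FAIL pos 203.0.113.7
2014-08-01T02:10:26 OK pos 203.0.113.7
2014-08-01T08:59:40 FAIL alice 198.51.100.20
2014-08-01T09:00:02 OK alice 198.51.100.20
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for sources with at least `threshold` failed logins
    inside the window, and for a successful login during such a burst."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()               # sources already reported, to avoid repeats
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip blank or malformed records
        ts = datetime.fromisoformat(parts[0])
        outcome, user, src = parts[1], parts[2], parts[3]
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if outcome == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, user))
        elif outcome == "OK" and len(fails) >= threshold:
            # A success during a burst of failures suggests a guessed password.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 198.51.100.20 raises no alert, while the success from 203.0.113.7 is the record that warrants immediate investigation and a credential reset.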
The following two (2) simple recommendations will assist you in strengthening your defenses: implement two-factor authentication and do not allow unattended remote access.
1. Remote access must be authenticated with strong two-factor authentication. If you allow remote access into your systems by employees or third parties (like integrators or network support) you must always force them to use strong two-factor authentication regardless of the device that they use to connect with your network. Their convenience should not come at the expense of your security.