Call Us: 555-555-1234

THE VULNERABILITY OF REMOTELY ACCESSING YOUR COMPANY!


Introduction:

The following is an advisory for business owners, managers and security practitioners using remote access software for accessing their business systems. With all of the focus on the high volume breaches of nationally recognized large retailers, there is a continued and increasingly dangerous threat impacting our small and mid-sized businesses daily. Experts estimate that cyber criminals could be stealing as much as $1 billion per year from small and mid-sized businesses in electronic financial transactions Small and mid-sized businesses are the low hanging fruit that are constantly being breached by attackers utilizing a well-known yet preventable exploitation of remote access software.

Companies are using remote access software as the solution that allows multiple types of devices to connect to their network, providing mobility and flexibility to executives and employees to access company records while away from the office and provide network administrators and security practitioners an avenue to troubleshoot and support their networks in real time. It is important to recognize that with the convenience of remote access comes the inherent risk of creating a “back-door” for unauthorized access.

Regardless of the industry or key resource sector to which you belong, this threat affects everyone in the same manner. A recently published advisory by the National Cybersecurity and Communications Integration Center highlighting the threat of a new point of sale malware titled Backoff, described how malicious actors are constantly scanning the internet looking for business’s and merchant’s Internet Protocol addresses with open ports to remote access software. Once identified, cyber criminals will attempt to brute force their way into the targeted system.

Scanning the internet to hack into networks has become a commodity for sale in the criminal underground. Unfortunately, the convenience of remote access to systems has been embraced by both businesses and cyber criminals alike. Although some remote access software technologies offer security protocols and features such as virtual desktop infrastructure (VDI), the most important aspect of this advisory is to help business owners, employees, and security practitioners understand that if they have the ability to access their company’s system remotely from any device, from any location, at any time then so will a cyber- criminal if security-measures are not taken and regularly updated.


The Threat to Business Owners &Managers:


 

1. Identity theft:

Employees like remote access because it gives them access to work files, programs and networks, enabling them to work from home or while traveling. However, they must be aware that if their remote login credentials are compromised, malicious actors will be able to login and have access to a massive amount of data. A wide range of sensitive information such as names, addresses, dates of birth, social security numbers, driver’s license numbers, credit card and bank account numbers can be found within a targeted organization’s computer system, which can be used to commit crimes such as identity theft. Malicious actors will use any information they can gather for financial gain.


2. Hi-jacked Bank Accounts:
Vulnerabilities in the implementation and usage of remote access software facilitates massive financial losses to our business’s infrastructure, with malicious actors utilizing varying levels of sophistication to steal credentials and passwords in order to hi-jack or create banking sessions to steal money from the account of the targeted business. These types of attacks have led to millions of dollars in unauthorized electronic financial transactions being sent to banking systems in Hong Kong, China, and other foreign countries.


3. Intellectual Property Theft:
Unauthorized remote access to business’s databases can also lead to theft of intellectual property, which could include anything from trade secrets to proprietary products. Intellectual property theft costs U.S. businesses billions of dollars each year with overseas companies taking this information and using it to build cheaper and less expensive versions of products without the cost of research and development. This causes significant job losses in the United States. The loss or compromise of data can result in an array of impacts to your organization, including financial penalties, fines and even loss of consumer loyalty and confidence.


4. Stolen Credit Cards:
Credit card point of sale systems of small to mid-sized businesses are being targeted and compromised at an alarming rate. Compromised card holder data is costing businesses in the United States millions of dollars in fraudulent transactions, regulatory fines, and investigation and recovery fees. Point of sale integrators frequently use weak and/or default passwords on point of sale terminals allowing malicious actors to brute-force or successfully guess remote access into the system. Once inside they install malware specifically designed to steal payment card data from that system. This type of attack vector is by far the most common utilized by malicious actors to steal credit card data.

 


Recommendations for business owners and managers:

 

Business owners must get more actively involved in protecting their systems because current security practices are not working, and the numbers of threats are increasing. You must implement internal best practices for your company, such as monitoring network activity and educating your employees.


The following (2) two simple recommendations will assist you in strengthening your defenses: implementing two-factor authentication and not allow unattended remote access.


1. Remote access must be authenticated with strong two-factor authentication. If you allow remote access into your systems by employees or third parties (like integrators or network support) you must always force them to use strong two-factor authentication regardless of the device that they use to connect with your network. Their convenience should not come at the expense of your security.


What is Two-Factor Authentication?


Two-factor authentication is the combination of at least two different validation methods during a log-in request. All authentication methods are based around three basic types of authentication identifiers. Traditionally, only one identifier (user id/password) is used:


• “Something you know,” which is a knowledge-based identifier, most commonly represented as a password or passphrase.
• “Something you have,” which is most commonly represented as a token or smart card based identifier.
• “Something you are,” which is most commonly represented as a biometric identifier, such as a fingerprint, or other unique physical attribute.


By combining any two of the three authentication identifiers during a single log-in request, the authentication function is strengthened dramatically, and represents a true two-factor authentication. One thing to remember about two-factor authentication is that its strength is greater than the sum of its individual parts. Any single-factor authentication mechanism may be attacked directly. The combination of two factors requires an attacker to apply two distinctly separate and different attack vectors.
http://www.secureworks.com/resources/blog/general-pci-dss-two-factor-authentication/.

 

2. If you process, transmit or store credit card data, you must address the biggest vulnerability facing small to midsized businesses: unattended and poorly configured remote access services. All remote access into payment or financial systems (credit card data) should be initiated by the business owner, manager or proper IT management representative from the premises in which that system resides and never left in “always on” mode. In the cases in which on-site initiated requests are not feasible, the business owner, manager or proper IT management representative must make sure systems are configured with strong two-factor authentication. If you store, transmit or process credit card data, access to your system must be initiated by someone with the authority from your premises. Unattended remote access to card holder data should be kept to an absolute minimum.


Recommendations for security practitioners and network administrators:


 

Security professionals, Network Administrators and Point of Sale Integrators, must elevate their security practices to limit the risk against these systems. Improperly configured and unsecured remote management software is a huge vulnerability to our infrastructure.

 

1. All remote access should be authenticated with strong two-factor authentication.


2. Employee remote access should be granted only if requested by the employee and then approved by the company for valid reasons. And if granted, access should be on l y for those services and applications needed. With a segregated network or virtual desktop infrastructure, the employee should not have access to the entire corporate network.


3. If card holder data is involved then remote access should only be granted if the request to do so was granted by the proper personnel on property. Unattended remote access to card holder data should be kept to an absolute minimum.


With shared risk comes shared responsibility. If you setup and support remote access for a business and it gets breached you could also be held liable. Security practitioners should insist on strong two-factor authentication for any remote access into a company’s infrastructure. There should be no misconception in the interpretation and definition of the term two-factor authentication. Two factors of authentication mean two different factors of authentication.