Hackers Target Unpatched VPNs and Work at Home Staff, CISA Warns -

Hackers are targeting unpatched VPNs (virtual private networks), work-at-home staff and remote employees amid coronavirus workforce shifts, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) has warned in an alert.

“As organizations elect to implement telework, CISA encourages organizations to adopt a heightened state of cybersecurity,” the advisory reads. Organizations using virtual private networks (VPN) for telework must be aware that hackers are searching for and targeting vulnerabilities, the alert said. “As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.”

CISA's alert urges teleworkers to be aware that malicious cyber actors may increase phishing emails to steal their usernames and passwords. It also warns that organizations not using multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks. In addition, CISA points out that organizations may have a limited number of VPN connections and beyond that must not allow other employees to telework. "With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks," the alert said.

“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting,” Tom Kellermann, who heads VMware Carbon Black’s cybersecurity strategy, told The Hill. “There has been an uptick of targeted attacks against executives in conjunction with this pandemic,” he said. “When it comes to home security you are assuming your work laptop is secure, but you need to take steps on your own end.”

CISA is urging organizations to implement the following six recommendations if considering telework options:

Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.

Alert employees to an expected increase in phishing attempts.

Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.

Implement MFA on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.

Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications, such as rate limiting, to prioritize users that will require higher bandwidths.

Contact CISA to report incidents, phishing, malware, and other cybersecurity concerns.

Security provider Check Point also offered five best practices for organizations’ telework force. “This guide should serve as a starting point for organizations whether their apps and data are stored in data centers, public clouds or within SaaS applications,” the security specialist wrote in a blog post.

Trust no-one: Understand who has access to what information, segmenting your users and making sure that you authenticate them with multi-factor authentication.

Every endpoint needs attention: Think ahead about how to handle the threats posed by data leakage, attacks propagating from devices into your network, and ensure that the overall security posture of the devices are sufficient.

Stress-test your infrastructure: Your infrastructure must be robust, and should be stress tested to ensure that it can handle a large volume of traffic.

Define your data: Identify, specify and label sensitive data to prepare policies to ensure that only the appropriate people can access it.

Segment your workforce: Audit current policies for access and sharing of different types of data. Reevaluate corporate policy and team segmentation within your organization.