Ransomware in a Remote Working Environment
According to Sophos, half of the companies working remotely in the midst of COVID-19 reported that they have been victims of a ransomware attack. However, even before the pandemic and subsequent stay-at-home order, 54% of respondents in a 2017 survey reported that they had been victims of a cyber attack. The key difference since the outbreak of the pandemic has been the severity and gravity of the attacks.
As a result of remote work, more coordinated and sophisticated attacks have come about, dealing devastating blows to impacted enterprise owners. The use of remote access tools to connect with network resources leaves organizations much more vulnerable to cyber attacks. Enterprise administrators should deploy properly configured and patched Virtual Private Networks (VPNs). However, as both CISA and the NSA have warned, many businesses in various verticals are not patching for known vulnerabilities. This oversight could allow a cybercriminal to covertly carry out cyber attacks and leave enterprise administrators none the wiser.
Remote Desktop Protocol (RDP) was a springboard for attackers to access private networks even before the pandemic, but during COVID-19 there has been an increase in brute-force attacks targeting the usernames and passwords of RDP connections, according to Kaspersky. Once the connection is hijacked, the attacker has a foothold within the network to deploy a full suite of tools including state-sponsored malware and more. Even after the pandemic and stay-at-home order, this trend, along with targeted phishing campaigns, will continue to be a thorn in the side of your company’s cybersecurity program. Attackers are aware that a successful ransomware breach can be extremely lucrative and can cause revenue loss, reputational harm, and the exfiltration of PII, EPHI, credit card numbers, credentials, and more.
A mature cybersecurity program should put controls in place to secure and account for all endpoints accessing the network via a next-generation EDR tool, encrypt all traffic, conduct daily backups of data, deploy patch management on all endpoints, disable legacy protocols like RDP, and continuously monitor network traffic, while also training the workforce on emerging threats. Investing in a cyber insurance policy may also help mitigate risk.
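Where RDP cannot be disabled, the brute-force pattern described above can be monitored in Windows logon events. The following is an added example, not part of the original article: it flags source IPs with a burst of failed remote logons (event 4625) and records any successful logon (4624) that follows. The log layout, threshold, window and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp,event_id,logon_type,source_ip,username
# (a simplified export layout assumed for this example, in chronological order)
SAMPLE_LOG = """\
2020-06-01T10:00:00,4625,10,203.0.113.7,administrator
2020-06-01T10:00:05,4625,10,203.0.113.7,admin
2020-06-01T10:00:09,4625,10,203.0.113.7,backup
2020-06-01T10:00:14,4625,10,203.0.113.7,jsmith
2020-06-01T10:00:20,4625,10,203.0.113.7,jsmith
2020-06-01T10:00:31,4624,10,203.0.113.7,jsmith
2020-06-01T10:05:00,4625,10,198.51.100.4,mlee
2020-06-01T10:45:00,4625,10,198.51.100.4,mlee
2020-06-01T11:00:00,4624,10,198.51.100.4,mlee
2020-06-01T11:02:00,4625,2,192.0.2.10,console
"""

FAILED, SUCCESS = "4625", "4624"  # Windows Security log: failed / successful logon
REMOTE_TYPES = {"3", "10"}  # 10 = RemoteInteractive (RDP); 3 = Network (seen for RDP with NLA)

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source IP that reaches `threshold` failed remote
    logons inside `window`, noting any successful logon from that IP afterwards."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    users = defaultdict(set)     # ip -> every username the IP has failed against
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if logon_type not in REMOTE_TYPES:
            continue  # ignore console and other local logon types
        when = datetime.fromisoformat(ts)
        if event_id == FAILED:
            q = recent[ip]
            q.append(when)
            users[ip].add(user)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"ip": ip, "first_alert": ts, "success_after_burst": None}
        elif event_id == SUCCESS and ip in alerts and alerts[ip]["success_after_burst"] is None:
            alerts[ip]["success_after_burst"] = user  # likely guessed credential: escalate
    for ip, alert in alerts.items():
        alert["usernames_tried"] = sorted(users[ip])
    return list(alerts.values())
```

An alert with `success_after_burst` set means a failure burst was followed by a working logon from the same address, which warrants treating the account as compromised rather than only blocking the source.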
Making network penetration time-consuming and resource-intensive is a win for enterprise owners, as it will no longer be economically viable for the cybercriminal to attack the enterprise. Therefore, it is necessary to have a proactive, evolving cybersecurity program to counter the latest tactics, techniques, and procedures from all cyber adversaries. This will safely allow remote employees access to corporate resources and optimize internal operations.