By Sergiu Gatlan March 13, 2020 03:34 PM 0
The Department of Homeland Security's cybersecurity agency today shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations have made working from home the default for their employees in response to the Coronavirus disease (COVID-19) pandemic.
"As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity," an alert published today says.
Malicious actors expected to focus attacks on teleworkers
Since more and more employees have switched to using their org's VPNs for teleworking, threat actors will increasingly focus their attacks on VPN security flaws that will be less likely to get patched in time if work schedules will be spread around the clock.
CISA also highlights the fact that malicious actors might also increase their phishing attacks to steal the user credentials of employees working from home, with orgs that haven't yet implemented multi-factor authentication (MFA) for remote access being the most exposed.
US-CERT
✔@USCERT_gov
Is your organization teleworking because of #COVID19? Here are some https://go.usa.gov/xdMYJ key recommendations on enterprise VPN security. #CyberVigilance #Cyber Cybersecurity #Infosec
102
9:12 PM - Mar 13, 2020
Twitter Ads info and privacy
105 people are talking about this
"Organizations may have a limited number of VPN connections, after which point no other employee can telework," CISA adds.
"With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks."
Mitigations for boosting enterprise VPN security
Among the mitigation measures recommended for organizations considering telework options for their employees because of the Coronavirus disease (COVID-19) pandemic, CISA lists:
• Keeping VPNs, network infrastructure devices, and devices used for remote work up to date (apply the latest patches and security configs).
• Notifying employees of an expected increase in phishing attempts.
• Ensuring that IT security staff are ready for remote log review, attack detection, and incident response and recovery.
• Implementing MFA on all VPN connections or required employees to use strong passwords to defend against future attacks.
• Testing VPN infrastructure limitations in preparation for mass usage and take measures such as rate-limiting to prioritize users that will require higher bandwidths.
As part of its teleworking guidance, CISA also advises organizations to review DHS documentation on how to secure network infrastructure devices, avoid social engineering and phishing attacks, choose and protect passwords and supplement passwords, as well as the National Institute of Standards and Technology (NIST) guide to enterprise telework and BYOD security
The DHS cybersecurity agency previously warned orgs to patch Pulse Secure VPN servers against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability tracked as CVE-2019-11510.
One week later, the FBI said in a flash security alert that state-backed hackers have breached the networks of a US financial entity and a US municipal government after exploiting servers left vulnerable to CVE-2019-11510 exploits.
US-CERT
✔@USCERT_gov
Unpatched Pulse Secure VPN servers remain an attractive target for malicious actors. @CISAgov released an Alert on continued exploitation of CVE-2019-11510 in Pulse Secure. Update ASAP! https://go.usa.gov/xpSzQ #Cyber #Cybersecurity #InfoSec
255
6:17 PM - Jan 10, 2020
Twitter Ads info and privacy
218 people are talking about this
CISA also published information on how to defend against scammers who use the Coronavirus Disease 2019 (COVID-19) health crisis as bait to push their scams over the Internet.
The World Health Organization (WHO) and the U.S. Federal Trade Commission (FTC) issued warnings about ongoing Coronavirus-themed phishing attacks and scam campaigns in February.
Microsoft, Google, LogMeIn, and Cisco have also announced last week that they are offering free licenses for their meeting, collaboration, and remote work tools so that teleworkers can join virtual meetings and chat with colleagues while working remotely.
Related Articles:
US Govt Shares Tips to Defend Against Coronavirus Cyber Scams
US Govt Updates Info on North Korean Malware
US Govt Alerts Financial Services of Ongoing Dridex Malware Attacks
US Govt Warns of Ransomware Attacks on Pipeline Operations
US Charges Huawei With Conspiracy to Steal Trade Secrets, Racketeering
No comments:
Post a Comment