Over the past few weeks, we’ve seen a massive spike in remote workforces. Seemingly overnight, companies are transforming traditional office personnel into remote workers. While the catalyst has prompted swift actions to protect employees’ health, companies are struggling to provide the technical resources needed to maintain business continuity – without incurring added risk – under these new circumstances. Existing infrastructure had to be scaled or new infrastructure had to be deployed to meet the demand. When people’s health and wellbeing are at stake, it’s understandable that organizations couldn’t necessarily take the time to consider the cybersecurity ramifications of these actions.
The Secureworks® Adversary Group works with our customers on a daily basis, and we have noticed an uptick in concern regarding how to best address the external attack surface of their remote access deployments. To address immediate health and safety risks, some organizations have had to deploy technology with which they were unfamiliar or untrained to properly use – with only hours to do so. With uncertainty ahead, organizations that have rapidly adopted remote practices are essentially building the car while driving, which presents significant challenges operationally and unfortunately, it also presents opportunity to opportunistic threat actors. Over the last few weeks, we’ve worked with several customers, testing their remote access infrastructure to make sure it was implemented correctly. The more awareness companies have regarding their remote access vulnerabilities, the better prepared they’ll be to defend against a potential attacker.
Two primary issues should be investigated to thoroughly test remote access infrastructure from an Internet connection:
- Investigate potential exposure points within the appliances / infrastructure resulting from a technical misconfiguration. Popular vulnerabilities like the ones found in Pulse Secure VPN are easy tactics attackers may exploit to gain remote access on systems that haven’t been properly patched.
- Multi-factor authentication should be present and properly configured. Attackers can collect usernames from various sources and perform password spraying tactics – effectively testing common passwords on a large number of accounts – in an effort to compromise a user account.
These two classes of vulnerabilities make up the lion’s share of issues we routinely identify in remote access deployments, and we aren’t alone. Countless threat groups attempt to gain access by looking for these same vulnerabilities by mass-scanning the Internet or performing targeted password spraying against exposed authentication.
While traditional penetration testing can help identify these issues (and more), the timing presents roadblocks during critical situations – and malicious hackers understand this and take advantage of this challenge facing organizations worldwide. Adversarial testers are in high demand, and often, our team books engagements six to 10 weeks in advance. When a remote access deployment has been issued and activated almost overnight, it puts a company at risk if they need to wait that long for testing.
We understand the competing challenges companies face and relying on traditional security protocols isn’t necessarily enough. To help expedite security testing availability, the Secureworks Adversary Group has created a new service to help ensure no organization has to wait, losing valuable time to bolster their defenses. We’re specifically targeting remote access testing, and we can deliver in a much shorter timeframe than traditional network penetration testing. This fast turnaround helps get vulnerability data back into your hands to help you remediate security weaknesses and support your remote workforce uninterrupted.
Our team’s mission is to protect our customers through adversarial testing that simulates real threats and adversarial behaviors to head them off at the pass. With more than 100 ethical hackers, penetration testers, and security experts ready to help at a moment’s notice, we are here to partner with you on your schedule so that time doesn’t become the vulnerability online criminals exploit. If you need to test your recently adopted remote work practices, contact us – we’re here to help.