New Threats Emerge Amidst Move to Work from Home

I have lost count of the number of new scams emerging in the wake of COVID-19. Whether exploiting the very human 'fear of missing out' or a lack of information, bad actors have gotten, well, badder in the past few months.

Of note, of course, is the exploitation of Zoom's rather lackluster security measures. Like many others, my youngest's school landed on Zoom to connect. That lasted approximately a week before they were forced to discontinue its use and search for an alternative. Bad actors, you see, were joining these unsecured gatherings and broadcasting, shall we say, undesirable content.

To the credit of Zoom's leadership, it not only acknowledged its technical failure but accepted responsibility and then did something about it.

These are the most obvious threats to emerge because they often target vulnerable populations. Populations for whom a lack of technical acumen and awareness make them easy marks. Social engineering has always seen some measure of success, so to see an increase in phone scams and phishing attempts is unsurprising. Those of us who understand these threats should do our part to help our vulnerable neighbors and Facebook friends from falling victim to them.

That means warning them away from playing Facebook games that unintentionally expose information that can be used to hijack accounts and, through them, the keys to their digital life. You know the ones of which I speak. "This is fun! I'm going to give you a list of ten jobs, but one of them is a lie. You figure out which one!" Or the more long-lived list of places you've lived, been, colors you like, etc.

These lists seem innocuous, but within each, you will find questions that are used by some site on the Internet to secure your sensitive information. And it's being scraped by bots and delivered to baddies who will eventually hit a jackpot using them.

Don't play along, and please encourage your social friends to stop playing, too.  

These are the obvious threats. Unfortunately, there are some not so obvious threats that have also emerged in the past month arising from the explosion of people working from home.

See, to work from home today requires access to apps. Those apps might be in the cloud, but many of them aren't. They're still in the data center or, for smaller businesses, on their PC at the office. Yes, a real PC.

To enable access from home meant millions of operators had to do something. Unfortunately, for many of them that "something" was to throw open RDP ports on their firewalls. Go ahead. Scroll through r/sysadmin for even a short time, and you'll see what I mean. 

The impact of that can be seen in this blog post from SANS (you know, the security institute peeps) on a sudden spike in scanning for open RDP ports. The thing is this isn't just data showing scans for open RDP ports; this is data showing scans finding open RDP ports.

And if you dig a bit further into the post, you'll find another chart that shows an increase in openly accessible services running on port 8080. You know, the alternative to port 80. The port most often used to access web-enabled consoles that control things like Kubernetes and your Java app server and, sometimes, your network infrastructure.

There are many who believe that the sudden shift to "work from home" this pandemic brought about is here to stay. And that may be the case. As a 20+ year distributed employee, I'm all for working where you are if you can. But I'm not all for unfettered remote access. 

Before everyone jumps on these overwhelmed admins and operators, it's important to remember that many of them were given about a day's notice to “turn on” remote access. The burden of business continuity was suddenly on their shoulders, with no warning or time to prepare. They have managed admirably to enable a distributed, remote workforce. They are to be commended for keeping us connected.

But now that the urgency of enablement has passed and the specter of many more weeks of work-from-home as the status quo hangs over us, it may be time to start securing access. Maybe that's with a remote access solution (like an SSL VPN) or just making sure consoles require authentication. Perhaps it's digging into identity federation options or forcing password changes more often.

There is a plethora of options available that can improve your security posture in the face of significant numbers of your workforce working remotely.

Check them out and put the ones that make sense for your organization into action, given your situation and the need for continued remote access to apps, desktops, and your network.

Stay safe. Stay secure.