With the rise of a remote working population, “remote hackers” have been re-emerging as well. These remote hackers take advantage of remote working technologies like video conferencing tools, enterprise VPNs, and other remote access solutions that have become popular during the COVID-19 crisis.
Here are ways bad actors can use remote access hacking opportunities to hack into remote access tools, steal sensitive data, and disrupt businesses.
1) Corporate/Enterprise VPN
Companies and organizations that had to quickly mobilize for remote working environments have also had to deploy new networks such as VPNs. This growing trend has prompted hackers to exploit a wide range of publicly known vulnerabilities that are found in some VPNs.
The major drawbacks of VPNs are their encryption systems. Not all VPNs provide end to end encryption (EE2E), if not relying on weak or outdated encryption methods.
For example, VPNs using the old VPN protocol, PPTP (Point-to-Point Tunnelling Protocol), have proven to be insecure and proven to break easily. Furthermore, this type of traffic can easily be stumped by a firewall.
Because such outdated protocols can be compromised, they do not provide sufficient security in terms of data protection. Companies using corporate VPNs should be aware of the various VPN protocols and avoid using VPNs with older and less secure protocols.
VPNs run 24/7, which means organizations are less likely to check for and apply security patches on a regular basis. This also makes VPNs vulnerable and susceptible to attacks by hackers. For instance, hackers may start a phishing campaign to target remote employees in order to steal their usernames and passwords that gives them access to the VPN, and by extension, your network.
The 2015 data breach of the human resources department for the US federal government is a prime example of hackers exploiting internal data through a weak VPN.
2) RDP (Remote Desktop Protocol)
As remote work surges, many organizations are also opting to use Microsoft Remote Desk Protocol (RDP) to access remote PCs and other devices. Unfortunately, RDP is vulnerable when port 3389 is opened to the public and therefore can make entire IT systems vulnerable to cyberattacks.
Hackers are known to use online scanning tools that are designed specifically to search for unsecured RDP endpoints. Hackers with stolen credentials in hand (acquired through brute force or other malicious ways) may exploit this port to gain access to the internal network of a company or organization.
Just as hackers can steal the login credentials for corporate VPNs, hackers can also acquire the ID/PWs of RDP users too. This creates a problem because neither VPNs nor remote access software like RDP cannot distinguish between bad and good actors once they’re inside the network.
Besides these cybersecurity challenges, using RDP also presents challenges to the remote worker. Because RDP works as a one-to-one connection, more than one user cannot access the same resource.
3) RAT (Remote Access Trojan)
While hackers are exploiting the vulnerabilities found in actual solutions like business VPNs and RDP to gain access to the company network, they are using traditional tactics to target remote employees.
Remote hackers use various malware deployment methods; the most common (and probably the easiest) way for hackers to reach unsuspecting victims is through phishing campaigns.
In this scenario, hackers will send emails with links or files, which unsuspecting recipients may click on. The malware is then executed within the client — the victim’s device; the compromised device is left open to the hackers so they can access the private network directly. Hackers may also try to instill the use of macros within Excel or Word docs to execute malware and take over a PC.
Among the different types of malware out there, one to note is Remote Access Trojans (RATs). This malware introduces an administrative back door on the target computer and pretends to be like remote access programs(users won’t notice that someone is watching).
RATs are oftentimes used in conjunction with other desktop-sharing clients and are usually downloaded invisibly. This gives hackers a chance to scan n for more vulnerabilities in the server/network before launching a bigger cyberattack. Recently, RATs have been used by hackers to target hospitals and other health organizations in the United States and Europe.
In a remote work environment, users might think a RAT is a legitimate program when working from home and therefore likely to avoid detection by the employee or company.
4) Video Conferencing Tools
During the COVID-19, even organizations in industries like healthcare, education, and governments are using free services to host virtual meetings. For this reason, video conferencing tools such as Zoom, Google Meet, Microsoft Teams, and others have gained more traction over the last few months.
These tools are beneficial when remote working, but sometimes illegitimate users are allowed to participate. For example, a new term, Zoombombing, has been coined to refer to unwanted intrusion into a Zoom meeting.
However, calling Zoombombing as “hacking” can be a bit misleading. This form of “attack” does not actually involve remote hackers stealing data or spreading malware. “Hacking” into a Zoom meeting is relatively easy if certain privacy settings are not turned on.
Identity theft, on the other hand, is a more serious issue with video conferencing tools. Hackers, with stolen credentials, can freely access users’ emails, names, photos, or even webcams on personal devices.
Video conferencing tools remain vulnerable because virtual meetings sometimes only require an invitation link and ID, but not a password. Users may also be too lazy to update security patches to the latest version, which can make using these tools vulnerable to unwanted intrusions.
5) Automated Malicious Bots
In the wake of the coronavirus outbreak, companies in industries like healthcare are tapping into the power of automated bots to help identify vulnerable patients and screen employees.
While bots have their evident merits, hackers can also harness the power of automated bots for malicious purposes. Sophisticated bots are able to automate the process of finding and hijacking vulnerable security points.
Bad bots that constantly scan your websites, apps, and APIs for security weaknesses that make companies and organizations vulnerable.
The scary part is that even novice hackers can easily use automated bots programs to wreak havoc. In just 15 seconds, a bot can also scan the network to which the server is connected, find the login credentials of vulnerable machines, and create new user accounts for hackers to use.
What can be done?
As companies and organizations shift to remote working, they must adapt to current cybersecurity threats that are threatening remote work environments. This entails preparing employees and IT staff for the possible cyber challenges to come.
For example, if you’re using VPNs but not implementing 2FA or MFA, urge employees to use strong passwords. Employees should be aware of the repercussions of falling for a phishing email or using weak login credentials.
As a website security provider, we here at Cloudbric offer a Remote Access Solution that directly addresses some of the concerns of traditional enterprise VPNs and other remote working tools.
Because the solution is backed by our 24/7 security monitoring it checks for malicious behavior before an authorized user can enter the network. That means it prevents granting access to a user that might be riddled with malware. Learn more at www.cloudbric.com/remote-access.