This is an extension to my blog Productive and Secure Remote Working and Cyber Security during a Pandemic, in which I want to describe an emerging cyber threat relating to home working and, in particular, remote desktop access.
When we are in the office we are protected by a number of systems and firewalls. Our individual PCs are not visible to the outside world, and we are protected by network monitoring systems that look for aberrant behaviours associated with malware infections. When we take that PC out of the office and connect it to our home network it is suddenly visible and no longer monitored. Unless you are using a locked-down PC that connects to a VPN by default, you are visible and vulnerable to all forms of threat.
What are the various means for connecting to the office remotely?
There are several ways for people to connect to office systems remotely:
- Office managed Virtual Private Network (VPN) via a company managed device
- Virtual Desktop where a PC is hosted in the cloud and you connect via a secure remote access portal.
- Remote applications accessed via a website
- Remote Desktop Protocol where you connect over the internet to your desktop in the office
- Bring your own Device (BYOD)
- Office Desktop on your home network.
The gold standard is the VPN, where the connecting PC cannot access anything on the local/home network and can only connect to resources on the office network once connected to the VPN. Virtual Desktops, so long as you connect to them via some form of VPN, are also secure, since everything is hosted in the cloud and nothing can be saved locally. For me this would be the best option.
If you are connecting via some form of VPN to your desktop PC in the office, then that is reasonably secure, but your host PC is still vulnerable. However, there is a feature in Windows where you can share desktops using Remote Assistance, which allows you to invite people to control your PC. This is not secure, as it requires both PCs to be accessible via the open internet.
Bring Your Own Device is often secured through office systems and should be relatively secure. If it is not, and you have open access to your email, etc., then you are open to attack. One way to secure your BYOD device is to use Microsoft Intune to manage the access. There are other services provided by Google and other security vendors if you don't want to use Microsoft. These should lock down your device when it is connected to the office systems, and then release it back to a personal device setup when it is not.
Another way is to install a Virtual Hard Drive (VHD) with a managed operating system installed onto it. Under Windows 10 you can enable this feature and boot to that VHD. You then have a secured environment. This is something I intend to do a lot more research on and post a blog about in the future. In the meantime I suggest you do your own research if you think this will help.
What Hackers are Doing
We have seen an increase in hackers attacking the Remote Desktop Protocol (the technology that allows you to access your desktop remotely), as well as people with minimal security on their PCs.
The Remote Desktop Protocol is an essential tool that allows you to access and manage remote servers and PCs. It is a mature technology but does have its vulnerabilities. I draw your attention to a vulnerability called BlueKeep from 2019 that I blogged about in "RDP Bug on Windows – Patch Now" at the time. This allowed hackers to access a remote PC and then move laterally to more valuable targets. While this vulnerability should be largely patched by now, the concept remains, and we are finding more vulnerabilities all the time. This forced me to shut down all remote desktop protocols on my home network and change to a different mechanism to manage my home computers.
We are also seeing social engineering attacks that focus on installing malware onto your PC to allow hackers to access your office systems. This is a particular issue if you have a desktop PC that is normally connected to the office network and has been rapidly deployed to your home network. You will still be accessing Office applications (e.g. those in Office 365), but from an open and unsecured connection to the Internet. This means that any malware that gets in has access to your email, cloud storage and any cloud-based applications you access remotely via a website. Malware also tries to extract your remote application credentials so that hackers can use them from their own location.
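To make the "shut down remote desktop at home" advice above concrete, here is an added example (not code from the original post) that audits the remote-access settings discussed on this page on a Windows 10 PC: whether Remote Desktop is enabled, whether it requires Network Level Authentication (the setting that keeps unauthenticated clients away from the RDP service, which is what BlueKeep relied on), whether Remote Assistance invitations are allowed, and whether the inbound firewall rules are open. The registry paths and cmdlets are standard Windows ones; the `-Harden` switch is my own addition and is what turns the read-only audit into the fix.

```powershell
# Added example (not from the original post): audit the remote-access settings this
# post discusses on a Windows 10 PC. Run from an elevated PowerShell prompt.
# Read-only by default; pass -Harden to apply the recommended settings.
param([switch]$Harden)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

$findings = @()

# 1. Is Remote Desktop enabled at all? (fDenyTSConnections = 1 means RDP is off)
$rdpOff = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 1
if (-not $rdpOff) { $findings += 'Remote Desktop is enabled' }

# 2. Is Network Level Authentication required? Without it, unauthenticated clients
#    reach the RDP service itself, which is the exposure BlueKeep exploited. 1 = required.
$nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
if (-not $nla) { $findings += 'RDP does not require Network Level Authentication' }

# 3. Is Windows Remote Assistance (the "invite someone to control my PC" feature) allowed?
$raOn = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp).fAllowToGetHelp -eq 1
if ($raOn) { $findings += 'Remote Assistance invitations are allowed' }

# 4. Are the inbound Windows Firewall rules for Remote Desktop active?
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
           Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
if ($fwRules) { $findings += "Inbound Remote Desktop firewall rules enabled: $($fwRules.Count)" }

# 5. Is anything actually listening on the configured RDP port (3389 by default)?
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
$listening = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($listening) { $findings += "A service is listening on TCP port $port" }

if ($findings.Count -eq 0) { Write-Host 'OK: no remote desktop exposure found' }
else { $findings | ForEach-Object { Write-Warning $_ } }

if ($Harden) {
    # Disable RDP, require NLA anyway (in case RDP is re-enabled later), block Remote
    # Assistance invitations, and disable the inbound firewall rules.
    Set-ItemProperty -Path $ts  -Name fDenyTSConnections -Value 1
    Set-ItemProperty -Path $tcp -Name UserAuthentication  -Value 1
    Set-ItemProperty -Path $ra  -Name fAllowToGetHelp     -Value 0
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Disable-NetFirewallRule
    Write-Host 'Hardening applied; sign out or restart for all changes to take effect.'
}
```

If you do need RDP at home, the minimum to keep from the audit is NLA required plus a VPN in front of it, so the service is never reachable directly from the Internet.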
What can I do to Protect Myself?
First be aware what is happening. If you have read so far you know what the threat is.
If you fall into the category of not having a company managed device connected to a secure VPN, then you are vulnerable. Here are some pointers that you need to follow:
- Ensure you have an up to date anti-malware/Internet Security application running with the latest virus definitions and all features enabled
- Install all operating system patches as they come out
- Be on the lookout for Social Engineering attacks and think before you click
- Read our guidance pages, and in particular the ones on malware
- Have a secure password and where possible employ two factor authentication
- Watch our Twitter feed for the latest news on emerging threats as they happen.
If you have an office managed device, ensure you follow all the guidance your company announces and their internal policies on remote working and security.
If you are running Microsoft Windows 10, then it has Windows Defender enabled by default, which is now a very capable Internet Security suite. There are also intentions to bring it to Macs and Linux. Other options are:
- AVG Internet Security, which is now owned by Avast
- McAfee (not recommended though)
- Symantec (often used in enterprises, but not recommended for home users).
Take a look at this TechRadar page for a list of recommendations with reviews.
During the current pandemic we are all working in a different kind of environment. Those that can perform a full working week remotely are the lucky ones. However, as companies drove to get people out of the office as fast as they could, this has led to insecure systems being deployed. Also, by rapidly deploying remote office applications like Office 365, effective security measures have been overlooked.
The best we can do for now is be vigilant and be cyber aware. This is the prime purpose of this blog, to raise awareness and make sure people have the tools to be safe when online.
When the dust settles I hope a lot of people will review what has happened and improve their security particularly around remote working. Until then please be safe online as well as in person.