March 19, 2020

Keep New Remote Users Safe – WST

As institutions and companies around the world scramble to support a new or enlarged remote workforce, we are already seeing attackers take advantage of fear and confusion to launch attacks using COVID-19 as a topic.  The bad guys have always leveraged disasters and major events to improve success rates and the current pandemic is no different.

  1. As you are quickly training new remote workers, make sure you remind them to be on the lookout for phishing attacks that will be targeting them.  Credential theft is likely going to be the biggest threat, so fake logon pages and emails asking for credentials are expected threats.  Strong Multi-Factor Authentication (MFA) can help, but does not eliminate the threat.
  2. For Azure AD or Office365 integrated environments, token stealing is also a possibility.  Make sure users understand that some email attacks will link to an actual Office365 page, but by using the link, it creates an authorization token for the attacker to use.  Where possible, disseminate any remote access links using methods other than email, and then tell users you will not be emailing them links for any reason.
  3. “Push” notifications can make remote authentication via MFA easy, but can also introduce human error.  If an attacker attempts to log in, and the legitimate user receives a push notification in their authenticator app, make sure they know not to just hit “Accept”.  Any push notifications, or texts containing MFA codes that the user did not initiate should be reported immediately.
  4. Audit your remote access logs.  Try to be able to spot trends and anomalies in remote access logons.  Setup proactive alerts where possible.  This can be one of your last lines of defense to spot unauthorized usage or abuse of a remote connection.

Past Weekly Security Tips – WST

2020-03-19T17:04:56+00:00