As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors
As the US Cybersecurity and Infrastructure Security Agency (CISA) also reported on March 13, 2020; more VPN vulnerabilities are being found and targeted by malicious cyber actors. What makes this heightened attack most worrisome is the the installation of corporate VPN on employees’ home PCs in order to facilitate remote work during the COVID-19 outbreak. By connecting employees’ personal computer to company VPN, organizations are essentially placing foreign and unmanaged home PCs on corporate network. This is a recipe for disaster as ransomware can travel between employee PC and corporate network.
As Microsoft noted in it’s April 1, 2020 post, after successful exploitation of VPNs, attackers steal credentials, elevate their privileges, and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads.
The Zero Trust Approach
VPN, as currently implemented, is too trusting of connected devices. A better approach pioneered by Google (BeyondCorp), commonly called Zero Trust is a much safer method for remote work. Zero Trust is not a product; it is an information security framework which states that organizations should not trust any system inside or outside of their network at any time. Therefore, there are different implementations of the framework based on an organization’s goals.
For example, organizations that use VPN to allow remote employees or contractors to connect to Windows computers or Windows applications may consider a solution such as TruGrid SecureRDP. TruGrid SecureRDP does not allow lateral movements between remote and corporate network and includes multi factor authentication.
About Century Solutions Group, Inc.
At Century Solutions Group, we do IT support differently. We invest in our people, our technology and training to ensure we deliver unparalleled, customized computer support services to help you achieve your goals with your budget in mind. We have helped Atlanta Georgia businesses since 1996, giving us the experience to handle the most challenging and dynamic environments—and we can help you, too with the best managed services.