Cyber Strategies – Reduce Your Attack Surfaces for Enhanced Security

TruGrid award at ChannelPro Defend 2023 for Best Expo Hall Presentation

In the ever-evolving quest for effective cybersecurity solutions and strategy, the ChannelPro Defend: SMB Cybersecurity Strategies for IT Solution Providers symposium was a convergence of industry experts and solution providers. Held from November 1st to 2nd, 2023, at the Pacific Palms Resort, attendees were united in their quest to learn how best to counter escalating cyber threats.

This year’s symposium was momentous for the breadth of knowledge exchanged, and for the recognition of excellence in cybersecurity solutions. Amidst this gathering, TruGrid was honored with the “Best Expo Hall Presentation” award.

The standout presentation was “Cyber Strategies – Reduce Your Attack Surfaces”, which not only identified often-ignored cybersecurity vulnerabilities but also proposed effective strategies for mitigating these risks.

Common Attack Surfaces

With the deluge of antivirus, EDR, and real-time threat detection systems, several organizations focus on solutions that prevent compromise once a threat is already inside their network, but few focus on preventing attacks from inbound exposures in the first place. For example, below are three sources of incoming cyber-attacks that organizations often ignore.

  1. Open Inbound Ports: These are often left exposed to the internet, offering an easy entry point for cyber-attacks. Examples include VPN and other Access Gateways, RDP ports, HTTP ports without SSL and MFA, FTP, SMB, SSH, SMTP (Exchange Web Shell), etc.
  2. VPNs: VPNs can expose a private network to remote endpoints and vulnerable / insecure WiFi and networks that the organization does not control.
  3. Cloud Services: Although essential, they often have global exposure which can be exploited in countries and locations where an organization’s employees don’t operate.

Why Focus on These Attack Surfaces?

Experts agree that effective cybersecurity is multi-layered. Hence, organizations should work to eliminate inbound sources of attack as much as they work to prevent compromise once a threat is on the network. Here’s a deeper dive into why particular attention should be given to often-ignored attack surfaces:

Open Inbound Ports: Gateways to Cyber Threats

Open inbound ports are akin to unlocked doors. They provide access to information. When left unguarded, they become vulnerable to cyber-attacks. Inbound ports, if not securely managed, can be easily exploited for unauthorized access, data breaches, and various forms of cyber-attacks. Common examples of easily-compromised inbound ports are VPN and other Access Gateways, RDP ports, HTTP ports without SSL and MFA, FTP, SMB, SSH, SMTP (Exchange Web Shell), etc.
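An added example (not from TruGrid or the presentation) of auditing an inbound firewall rule export for the services listed above when they are allowed from any address. The CSV layout, rule names and sample rows are constructed, and each service is assumed to listen on its well-known default port.

```python
import csv
import io
import ipaddress

# Services the article names, keyed by (protocol, assumed default port).
RISKY = {
    ("tcp", 21): "FTP", ("tcp", 22): "SSH", ("tcp", 25): "SMTP",
    ("tcp", 80): "HTTP without TLS", ("tcp", 445): "SMB",
    ("tcp", 3389): "RDP", ("udp", 500): "IPsec VPN (IKE)",
    ("udp", 1194): "OpenVPN", ("udp", 4500): "IPsec VPN (NAT-T)",
}

# Constructed sample export; the column layout is hypothetical.
SAMPLE_RULES = """name,direction,action,protocol,ports,source
rdp-from-anywhere,in,allow,tcp,3389,0.0.0.0/0
ssh-admin-office,in,allow,tcp,22,203.0.113.0/24
legacy-range,in,allow,tcp,20-25,any
web-tls,in,allow,tcp,443,0.0.0.0/0
smb-v6,in,allow,tcp,445,::/0
ipsec-vpn,in,allow,udp,500,0.0.0.0/0
rdp-blocked,in,deny,tcp,3389,0.0.0.0/0
"""


def expand_ports(spec):
    """Turn '3389' or '20-25' into a range of port numbers."""
    low, _, high = spec.strip().partition("-")
    return range(int(low), int(high or low) + 1)


def open_to_internet(source):
    """True when the source is unrestricted: 'any' or a /0 network."""
    source = source.strip().lower()
    if source == "any":
        return True
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def find_exposures(rules_csv):
    """Return (rule, port, service) for risky ports allowed from anywhere."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        inbound_allow = (rule["direction"], rule["action"]) == ("in", "allow")
        if not inbound_allow or not open_to_internet(rule["source"]):
            continue
        for port in expand_ports(rule["ports"]):
            service = RISKY.get((rule["protocol"], port))
            if service:
                findings.append((rule["name"], port, service))
    return findings
```

Rules restricted to a specific source network, deny rules, and ports outside the list (such as 443) are not reported; a port range is expanded so a risky port hidden inside it is still found.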

VPNs: A Double-Edged Sword of Remote Connectivity

Virtual Private Networks (VPNs) are widely used for remote access to private networks, offering an encrypted tunnel for secure communication. However, every remote VPN client / endpoint becomes an extension of the private network it is connected to. If a remote endpoint using a VPN is compromised, the integrity of the entire network can be at risk. The prospect of compromise increases as remote VPN endpoints use open / insecure WiFi at airports and hotels. Furthermore, the inherent complexity and management requirements of VPNs can lead to configuration errors, leaving gaps in security.

Cloud Services: Balancing Accessibility and Security

Cloud services have revolutionized how businesses operate, offering scalability, flexibility, and accessibility. However, their very nature of global accessibility makes them susceptible to cyber threats. While these services often come with advanced security features, one of the most common ways that cloud services are breached is through logins from countries where an organization’s employees do not operate.

In summary, focusing on securing attack surfaces is crucial for a robust cybersecurity strategy. For example, a solution like TruGrid SecureRDP allows remote / RDP access to Windows computers behind firewalls without open ports. It helps organizations eliminate the need for using VPN or any inbound port for RDP access.

Real-World Examples

There are some notable cyber-attacks involving VPN compromise, such as the Target security breach of 2013, Travelex 2020 security breach, and CNA Insurance 2021 security breach (affecting the corporate network and over 30,000 endpoints remotely connected over VPN)!

VPN TunnelCrack (August 2023)

A groundbreaking revelation was the vulnerability in VPNs known as VPN TunnelCrack. This vulnerability, inherent in VPN technology since 1996, can allow traffic to bypass protected tunnels, compromising security regardless of the protocol used.

Access Gateways (November 2023)

More recently (November 2023), exploitation of unpatched and exposed Citrix NetScaler (CVE-2023-4966) by the LockBit ransomware group led to very high-profile security breaches involving Boeing, Industrial & Commercial Bank of China (ICBC), DP World, and Allen & Overy. ICBC is the world’s biggest bank, and its Citrix NetScaler breach disrupted trades in the U.S. Treasury market on Nov. 9, 2023.

Recommended Actions

In response to these vulnerabilities, the following actions are recommended:

  1. Eliminate VPN and Open Inbound Ports: This reduces the attack surface significantly.
  2. Adopt Proxied/Private Access Solutions: For example, TruGrid SecureRDP offers secure access to Windows computers and applications without exposing the network.
  3. Utilize Specialized Cloud Providers: Leveraging services like M365, Dropbox, Salesforce, and ERP solutions can enhance security.
  4. Enable Geo-Blocking: This involves blocking login access from countries outside of primary operations and allowing logins only from desired countries.
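The geo-blocking rule in item 4, as an added example (not TruGrid's code) that evaluates sign-in records against a country allowlist and separates blocked attempts from cases where valid credentials were used from outside the allowed countries. The allowlist, the log layout, the accounts and the addresses are all constructed assumptions.

```python
from collections import Counter

# Assumption: the organization operates only in these countries
# (ISO 3166-1 alpha-2 codes).
ALLOWED_COUNTRIES = {"US", "CA"}

# Constructed sign-in records; the layout
# "time user source_ip country result" is hypothetical.
SAMPLE_SIGNINS = """\
2023-11-09T08:01:12Z alice@example.com 198.51.100.7 US success
2023-11-09T08:03:40Z bob@example.com 203.0.113.25 RO failure
2023-11-09T08:03:55Z bob@example.com 203.0.113.25 RO success
2023-11-09T08:10:02Z carol@example.com 192.0.2.44 - success
2023-11-09T08:12:30Z alice@example.com 198.51.100.9 ca success
"""


def evaluate(line, allowed=ALLOWED_COUNTRIES):
    """Return (user, country, decision) for one sign-in record."""
    _time, user, _ip, country, result = line.split()
    country = country.upper()
    if country in allowed:
        return user, country, "allow"
    # Fail closed: an unresolved location ("-") is handled like a
    # login from a country outside the allowlist.
    if result == "success":
        # The password was accepted, so the credentials are known to
        # someone outside the allowed countries.
        return user, country, "block-and-investigate"
    return user, country, "block"


def review(log_text):
    """Count out-of-region attempts per user and list accounts whose
    credentials were accepted from outside the allowed countries."""
    outside = Counter()
    investigate = set()
    for line in log_text.strip().splitlines():
        user, _country, decision = evaluate(line)
        if decision != "allow":
            outside[user] += 1
        if decision == "block-and-investigate":
            investigate.add(user)
    return dict(outside), sorted(investigate)
```

Accounts returned in the second list are candidates for a credential reset, since blocking the location does not change the fact that the password was accepted.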

TruGrid's Role in Cybersecurity

TruGrid is a leader in cybersecurity solutions that offer remote access and management without exposed / inbound ports. By offering services like TruGrid SecureRDP and BitLocker Management, TruGrid provides robust security without the complexities and vulnerabilities of traditional VPNs or access gateways. These solutions are designed to integrate seamlessly with existing systems while enhancing organizations' cybersecurity posture.

Conclusion

The ChannelPro Defend: SMB Cybersecurity Strategies for IT Solution Providers event was a great occasion for thought leadership and knowledge exchange, and a testament to the innovations driving the cybersecurity industry forward.

TruGrid was humbled to be one of the honorees.

Please contact TruGrid to experience the benefits of access without inbound exposure, or sign up for a free trial.