TruGrid Cybersecurity Blog – April 2020 #1
Microsoft Warns Hospitals of Increased Ransomware Attacks During COVID-19
Microsoft has identified several dozen hospitals with vulnerable gateway and VPN appliances.
As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors
As the US Cybersecurity and Infrastructure Security Agency (CISA) also reported on March 13, 2020, more VPN vulnerabilities are being found and targeted by malicious cyber actors. What makes this heightened attack activity most worrisome is the installation of corporate VPN on employees’ home PCs in order to facilitate remote work during the COVID-19 outbreak. By connecting employees’ personal computers to the company VPN, organizations are essentially placing foreign, unmanaged home PCs on the corporate network. This is a recipe for disaster, as ransomware can travel between an employee’s PC and the corporate network.
As Microsoft noted in its April 1, 2020 post, after successful exploitation of VPNs, attackers steal credentials, elevate their privileges, and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads.
The Zero Trust Approach
VPN, as currently implemented, is too trusting of connected devices. A better approach, pioneered by Google (BeyondCorp) and commonly called Zero Trust, is a much safer method for remote work. Zero Trust is not a product; it is an information security framework which states that organizations should not trust any system inside or outside of their network at any time. Because it is a framework, there are different implementations based on an organization’s goals.
For example, organizations that use VPN to allow remote employees or contractors to connect to Windows computers or Windows applications may consider a solution such as TruGrid SecureRDP. TruGrid SecureRDP does not allow lateral movement between remote and corporate networks and includes multifactor authentication.
Full Microsoft Article / CISA Corroboration
Reference: TruGrid Cybersecurity News – April 2020 #1