Be Realistic About Remote Access

Risks of Remote Access


The added efficiency and convenience of allowing employees remote access to your corporate network to be able to work from home or on the road is something many of us have come to rely on in our busy lives. Working with contractors who may literally be anywhere in the world has opened doors for increased productivity and collaboration. But, with the benefits of remote and mobile technologies, we must be realistic about the risks and challenges.

The Backoff Point of Sale Malware Hacks Remote Logins to Gain Access

The US Computer Emergency Readiness Team (US-CERT) released an alert last week warning businesses of Backoff, a new and growing point of sale malware being used by cyber criminals to access retail and payment systems and customer information. The Backoff malware uses brute force guessing to uncover the passwords of users on remote access systems like Remote Desktop, Splashtop, Pulseway, LogMeIn, and Join.Me.

Currently, Backoff does not seem to be detectable by antivirus systems. The advisory from US-CERT lists indicators that can determine whether your systems may have been affected by Backoff. The document also provides detailed strategies for Remote Desktop Access, Network Security, and Cash Register and PoS Security to protect the network from this malware. The recommendations below, provided by US-CERT to address Backoff concerns, are also best practices you should consider regardless of any particular malware or threat.

Remote Desktop Access Security Recommendations

  • Lock the system after a period of time or specified number of failed login attempts. This can prevent a successful brute force or password guessing attack such as what officials have seen used to launch the Backoff malware.
  • Limit the number of users who can log in remotely. Target’s new Chief Information Security Officer, in a recent interview reported by the New York Times, referred to the “attack surface” – the more users accessing the system remotely, the greater the opportunity for attack. “You don’t need military-grade defense capabilities to figure out that you have too many connections,” said Mr. Maiorino.
  • Change the default Remote Desktop listening port and use firewalls to restrict access. It is not difficult for hackers to find the listening port you have designated for remote access. But, since the majority of systems will continue to use the default port 3389, attackers will target the easy-to-find, low-hanging fruit before they will take extra time to track down your unique settings.
  • Increase the frequency of forced password renewal for users and also increase the required length and complexity of passwords. Reducing the required change of password from every 60 days to every 30 days, for example, would cut the exposure time in half should a system become affected by malware like Backoff. If access is gained by password guessing, once the password is changed, access is cut off. While a shorter breach window is still a breach, limiting the possibility of exposure is recommended.
  • Always use reliable encryption software and require extra authentication wherever possible to prevent keylogger or credential dumping attacks. If a piece of malware is installed that can record keystrokes or capture login information, two-factor authentication still leaves attackers missing a piece of the login puzzle. Every extra layer that can be required between the user and the system provides one more hurdle for a cybercriminal to overcome.
  • Install a Remote Desktop Gateway to restrict access. Remote Desktop Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection enabling you to control access to specific internal network resources. Remote Desktop Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
  • Limit administrative privileges for users and mobile applications to only what is essential. Does remote access need to be full access? If an employee is on-site most of the time, it may be that they only need to be able to perform very basic, limited tasks if the need arises, after hours, or when they are off site.

Additional Network Security Recommendations

  • Configure firewalls to communicate only with your network and not with any unrecognized, unauthorized IP address on the internet that could be a hacker siphoning off your data.
  • Separate payment processing networks from other networks so access gained to one does not open the door to others.
  • Limit unauthorized access using strict access control lists segmenting public-facing systems from data stored on back-end systems.
  • Implement system monitoring tools and processes to identify data leakage or unusual activity by authorized users (which may indicate compromised credentials).
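To show what the lockout threshold and monitoring recommendations look for in practice, here is an added example (not from the US-CERT alert or from Loricca) that flags source addresses with repeated failed remote logons and notes when a success follows. The log format, sample records, threshold, and window are constructed assumptions; event IDs 4625 and 4624 are the standard Windows failed and successful logon events.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), simplified to
# "timestamp,event_id,logon_type,source_ip,username".
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how
# RDP failures are commonly logged when Network Level Authentication is on.
SAMPLE_LOG = """\
2014-08-05T02:14:01,4625,10,203.0.113.7,administrator
2014-08-05T02:14:09,4625,10,203.0.113.7,admin
2014-08-05T02:14:15,4625,10,203.0.113.7,pos
2014-08-05T02:14:22,4625,10,203.0.113.7,pos1
2014-08-05T02:14:30,4625,10,203.0.113.7,backup
2014-08-05T02:14:41,4624,10,203.0.113.7,backup
2014-08-05T09:01:12,4625,10,198.51.100.20,jsmith
2014-08-05T09:01:40,4624,10,198.51.100.20,jsmith
2014-08-05T09:30:00,4625,2,10.0.0.15,clerk
"""

REMOTE_LOGON_TYPES = {"3", "10"}

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: info} for IPs with >= threshold failed remote logons in window."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        if logon_type not in REMOTE_LOGON_TYPES:
            continue              # ignore console/local logons
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures = recent[ip]
            failures.append(when)
            while when - failures[0] > window:   # drop failures outside the window
                failures.popleft()
            if len(failures) >= threshold:
                alerts.setdefault(ip, {"failures": 0, "success_after": None})
                alerts[ip]["failures"] = len(failures)
        elif event_id == "4624" and ip in alerts and alerts[ip]["success_after"] is None:
            # A success from an already-flagged address suggests a guessed password.
            alerts[ip]["success_after"] = user
    return alerts

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

The single mistyped password from 198.51.100.20 and the local console failure are ignored; only the burst from 203.0.113.7 is reported, along with the account that was eventually logged into.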

These recommendations contain good advice for any network administrator and any organization that needs to allow employees remote access. The Backoff malware specifically targets point of sale systems to breach secure payment and customer information. For information about cash register and point of sale security, refer to the alert.

The flexibility and remote access to data and systems we enjoy using tools like Remote Desktop and LogMeIn have become essential to the way we work. This is true in many industries and different types of roles and functions. But to minimize the risk that comes from the addition of so many extra access points into corporate networks, strong BYOD and remote work policies are critical.

Contact Loricca Today

The steps suggested by US-CERT are a great start. If your organization needs help assessing the threats you face, identifying risky access points, and creating procedures and safeguards to protect business-critical data, contact us today to discuss your concerns and challenges.
