Common Causes for the Recent Major Spike in Security Incidents
In the rush to transition internal office employees to telework, companies have scrambled to ensure remote access was available for all staff members. In many environments, the VPN solution was not meant to handle utilization by the entire organization. Impressively, many of HALOCK’s clients were able to make the changeover smoothly. However, as the initial wave of help desk tickets and service requests was remediated, HALOCK started getting a significant increase in calls to our emergency help line. Hackers were taking advantage of these newly distributed workforces and newly configured network environments.
While HALOCK’s response and forensics engineers were tending to the spike in incidents, our consultants reached out to current clients to understand how the COVID-19 Stay-at-Home order has impacted either their compliance requirements or information security programs. Our breach response teams and security consultants were finding the same thing: many establishments have significantly reduced their ability to manage corporate endpoints and have implemented multiple ad hoc changes to the infrastructure to accommodate employee needs as they transition to their work-at-home environments. These changes were creating new and easy opportunities for hackers.
As a result of these trends, HALOCK is urging all of our clients to review remote access systems and teleworker practices to ensure you are providing your user base a secure and compliant solution in the near-term and going forward. Here are a few insecure practices and threats HALOCK has identified:
End user devices are susceptible to malware and malicious activity due to missing security controls that were applied by the internal enterprise security solutions.
Multiple security weaknesses have been found in the configuration of VPN infrastructures that may allow an attacker the ability to gain access to the corporate network through a compromised remote endpoint.
HALOCK found similar results for those companies that have moved or are in the process of moving critical services to the cloud. Organizations seem to have relaxed in configuring access control best practices and compliance standards within these hosted solutions.
Partnering with our clients, HALOCK has seen an increase in work effort for both the hardening of these controls and the recovery from adversaries that have exploited these known vulnerabilities. As we help clients move into the next phase of this pandemic, HALOCK wants to ensure other organizations continue to meet compliance requirements and protect their user base from the common security weaknesses we have identified.
Identify current business continuity gaps and encourage management to adopt modern security best practices as we proactively prepare for phase 2 of this pandemic, and other emergencies.
Keep safe and stay secure.
HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies, third-party risk management, risk assessments, penetration testing, security management and architecture reviews, and HIPAA, Privacy, & PCI compliance, incident response and forensics throughout the US.