Dark Reading is part of the Informa Tech Division of Informa PLC


6/8/2020
10:00 AM
Marc Wilczek
Commentary

Safeguard Your Remote Workforce

DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.

Operational continuity is crucial for organizations at the best of times — and right now, we're a long way from the best of times. The evolving COVID-19 pandemic has introduced extraordinary challenges for individuals and organizations alike, and retaining a semblance of normality amid the mass shift to home working and online service delivery is proving to be an uphill struggle for many businesses.

A crucial part of ensuring operational continuity, or something close to it, throughout the pandemic is cyber resilience — that is, being able to ensure continuity of digital services, from the applications and data that employees need to carry out their duties from home to any customer-facing elements such as e-commerce websites and mobile apps.

But how is the pandemic affecting organizations' cyber resilience — and how can they meet the challenge head on, to mitigate the risks to their business?

Cyber Resilience Is Multifaceted
Cyber resilience is not only about ensuring that key digital systems and applications continue to be operational. It is about protecting those systems and applications from malicious interference, whether because of digital vandalism or more sophisticated attempts to infiltrate the organizational infrastructure and steal data.

It is also about protecting the organization's online reputation, ensuring that damaging or untrue news stories do not proliferate across social media. The unfolding coronavirus pandemic is having a dramatic impact on organizations' ability to manage all three of these aspects.

VPN Access Turns into a Bottleneck
Operational availability of core systems and applications has been challenged by the drastic change in working circumstances to which most organizations must adapt. The shift to home working has required organizations to deploy new collaboration and conferencing tools, organize new cloud service delivery models and perhaps secure VPN access for staff working from home, and even get new hardware out to remote staff. This is costly and complex.

Meanwhile, many of the organizations supplying such services have had to rapidly reorganize in order to ensure continuity of service amid huge spikes in demand.

That migration to remote working and reliance on using VPNs also elevates cyber-risk. "With these systems now categorized as critical, the 'expected business impact' of an attack substantially increased, driving up overall business risk," says Andy Shoemaker, founder and CEO of NimbusDDoS, a Boston-based pen-testing provider.

If the organization's VPN server is attacked, it affects everything: not just the remote workers trying to access corporate resources but also network admins working remotely. The attack could lock them out of management consoles, meaning they are unable to make network changes to remediate the problem. In this scenario, having to scramble a member of the IT team to headquarters to start redirecting IP traffic could easily mean hours of downtime and disruption. Put simply, the remote access capability that is keeping the business going has also become a single point of failure.

"Pathways into the infrastructure are substantially reduced, and it's possible you may lose access completely during an attack," Shoemaker says. "Also, incident response processes are usually designed based on assumptions regarding staff availability, and system access. If these are impacted seriously, as they have been during the pandemic, then the procedures themselves can break down, further extending downtimes. Especially during periods of financial hardship, a person with the skills to perform a DDoS attack may be compelled to engage in extortion-motivated DDoS attacks."

Attacks Are Up 30%
It's no surprise that organizations have noted a substantial increase in the volume and type of cyberattacks being leveled at businesses, many seeking to capitalize specifically on fear and uncertainty around the virus. Link11 has witnessed a notable 30% increase in the volume of DDoS attacks defended against from February 17 to March 9 compared with the same period in 2019 (disclosure: I'm the COO of Link11). Other organizations have reported similar increases. Some of these may well be motivated by extortion or revenge — especially as the pandemic has meant many organizations have made employees redundant or furloughed staff.

Alongside DDoS attacks, ransomware is proving particularly effective, as phishing emails and messages exploit very real desires for information and advice related to the pandemic.

And of course, should a business fall victim to any such attack, the potential reputational risk remains. Bad news travels fast online — particularly with so many people working from home and trawling news and social media sites.

How to Build and Maintain Cyber Resilience
Today, most organizations operate fragmented IT landscapes comprising on-premises equipment, and a growing number of workloads hosted in private clouds and public clouds. To ensure a holistic security layer across these complex, hybrid environments, organizations should follow these steps:

1. Act, don't react.
Cyberattacks rarely occur in isolation. Organizations that experience DDoS attacks often also report theft of intellectual property, customer data, financial assets, and resources. Criminals will often launch a DDoS attack against one part of an organization to divert attention from a hacking attempt or malware exploit. Therefore, comprehensive DDoS mitigation should be a key part of an organization's defenses.

2. Have a shield in the cloud.
To deliver that protection, all traffic to the organization's website and resources should be routed via an external cloud service that uses algorithms and machine learning techniques to identify and filter out all malicious traffic instantly before it affects critical services. This means the organization's IT and security teams cannot be distracted by a diversionary DDoS exploit, enabling them to focus on blocking stealthy, targeted attacks.

3. Protect your APIs.
These stealthy attacks include targeting web applications and the APIs they use, with the aim of exfiltrating data. Criminals are increasingly looking to exploit these because they typically have low levels of protection and monitoring. They are also the weakest link within the IT value chain and can easily bring operations to a halt when they are flooded. Victims of this type of attack include a leading credit-checking agency, in a breach that resulted in over a million consumer records being stolen. Organizations should assess the risk exposure of their web applications and APIs, deploy automated solutions that can dynamically adapt to new threats, and block attacks before they can reach the application itself to help stop breaches from happening.

This "new normal" that we are all experiencing will only be temporary. But the positive impacts of putting such protections in place could last a lifetime.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...