The Threat of Ransomware in Remote or Hybrid Environments
In a world where more and more jobs are remote or hybrid, the threat of ransomware remains one of the biggest challenges for organizations everywhere.
2021 was a year that taught us a lot about ransomware and how to respond to it. With the variety of attacks, the financial and economic impact, and the way that organizations responded, a lesson was definitely learned from the unique variables ransomware created in 2021. As organizations evolve, so should their security strategies.
With organizations supporting remote and hybrid work environments, they lose some of the control they once had inside their perimeter. Attackers are exploiting this weakness and profiting from it. Three ways they're able to do so are below:
Visibility and control have changed
In remote/hybrid work environments, employees are able to work from anywhere. Employees expect seamless access to all company resources from devices outside the traditional perimeter of the office. This reduces the visibility and control that IT teams have and makes it hard to understand any risk that may arise from users and the devices they're working from.
Phishing is easier on mobile devices
Attackers always try to find ways into your infrastructure. Phishing credentials from an employee without their knowledge is a common way to do that.
Because mobile devices can be used for both business and personal use, they become very popular targets for attackers. Phishing attacks can be initiated through SMS, social media or third-party messaging apps. The simplified UIs of mobile devices make it slightly easier to hide malicious intent, making it easy for phishing campaigns to be successful.
VPNs enable lateral movement
VPNs allow companies remote access to resources, but they can also present a variety of security issues. For instance, VPNs give unlimited access to whoever connects to them, meaning anyone with access can freely access any app in your infrastructure. Additionally, VPNs don't evaluate the context under which a connection is established. Context is necessary to detect any anomalies that indicate there may be a compromised account or device.
So what can you do to mitigate the risk of ransomware on remote devices? Here are three pieces of advice:
Protect managed and unmanaged users
Organizations need to be aware of the risk level of devices and users to ensure they're not compromised. Just one compromised user can be detrimental to the entire infrastructure. Hybrid work environments have caused organizations to enforce a bring-your-own-device model. In this model, unmanaged devices have access to sensitive data. As these devices are less secure than managed devices, it's critical that you have proper data controls in place.
Implement granular and dynamic access controls
An all-or-nothing approach with VPNs is not the way to go. As users can log in to the VPN from anywhere, you need to understand the context under which they're accessing your corporate data. Applying the principle of Zero Trust helps provide the right level of access to a particular app and only to those users who need it.
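To make the contrast concrete, here is an added example (not part of the original article) that evaluates the same requests under an all-or-nothing VPN model and under a per-app, context-aware check. The app names, groups, risk levels and policy fields are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Hypothetical per-app policy (constructed for this example): who needs the
# app, whether unmanaged (BYOD) devices may reach it, and tolerated device risk.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "managed_only": True, "max_risk": "low"},
    "wiki": {"groups": {"finance", "engineering"}, "managed_only": False, "max_risk": "medium"},
}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

@dataclass(frozen=True)
class Request:
    user: str
    group: str
    app: str
    device_managed: bool
    device_risk: str      # "low", "medium" or "high"
    authenticated: bool

def vpn_decision(req: Request) -> bool:
    """All-or-nothing model: a valid login reaches every app, context ignored."""
    return req.authenticated

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Per-app, context-aware model: deny by default and say why."""
    if not req.authenticated:
        return False, "not authenticated"
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "no policy for app"
    if req.group not in policy["groups"]:
        return False, "user does not need this app"
    if policy["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    risk = RISK_ORDER.get(req.device_risk)
    if risk is None or risk > RISK_ORDER[policy["max_risk"]]:
        return False, "device risk too high"
    return True, "allowed"

# Constructed sample requests: every user below has a valid login.
SAMPLES = [
    Request("alice", "finance", "payroll", True, "low", True),
    Request("bob", "engineering", "payroll", True, "low", True),
    Request("carol", "finance", "payroll", False, "low", True),
    Request("dave", "engineering", "wiki", False, "high", True),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.app, "VPN:", vpn_decision(r), "ZT:", zero_trust_decision(r))
```

All four sample requests pass the VPN check, while the context-aware check admits only the first and records a reason for each denial that can feed anomaly detection.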
Modernize on-premises applications
Organizations still have software that is hosted in data centers and is accessible from the internet. To ensure security, update these applications with cloud access policies that hide them from discovery on the public internet, while still enabling authorized users to access them from anywhere. This provides granular access controls and extends the strong authentication security benefits that SaaS applications have, while ensuring no unauthorized users can discover and access your infrastructure.
Story via The Hacker News