Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target
Remote Worker & Hybrid Worker Models Create Additional Cybersecurity Vulnerabilities For Many Organizations - Be Aware and Lock Down Your Weak Entry Points!
Cybersecurity researchers discover hundreds of thousands of insecure servers, ports and cloud services being used by remote workers that could be easily exploited by cyber attackers.
BY ZDnet Article | Danny Palmer
The increase in the use of cloud services as a result of organizations and their employees shifting to remote work because of the COVID-19 pandemic is leaving corporate networks exposed to cyberattacks.
Many businesses had to swiftly introduce working from home at the start of the pandemic, with employees becoming reliant on cloud services including Remote Desktop Protocols (RDP), Virtual Private Networks (VPN) and application suites like Microsoft Office 365 or Google Workspace.
While this allowed employees to continue doing their jobs outside the traditional corporate network, it has also increased the potential attack surface for cyber criminals. Malicious hackers are able to exploit the reduced level of monitoring activity, while successfully compromising credentials that are used to remotely log in to cloud services provides a stealthy route into corporate environments.
Cybersecurity researchers at security company Zscaler analyzed the networks of 1,500 companies and found hundreds of thousands of vulnerabilities in the form of 392,298 exposed servers, 214,230 exposed ports and 60,572 exposed cloud instances – all of which can be discovered on the internet. It claimed the biggest companies have an average of 468 servers exposed, while large companies have 209 at risk.
The researchers defined 'exposed' as something that anyone can connect to if they discover the services – including remote and cloud services. Organizations are likely to be unaware that these services are exposed to the internet in the first place.
In addition to this, researchers discovered unpatched systems with 202,000 Common Vulnerabilities and Exposures (CVEs), an average of 135 per organization, with almost half classified as 'Critical' or 'High' severity.
It's possible that cyber criminals will be able to discover and exploit these vulnerabilities in order to enter corporate networks and lay the foundations for cyberattacks including data theft, ransomware and other malware campaigns.
"The sheer amount of information that is being shared today is concerning because it is all essentially an attack surface. Anything that can be accessed can be exploited by unauthorized or malicious users, creating new risks for businesses that don't have complete awareness and control of their network exposure," said Nathan Howe, vice president for emerging technology at Zscaler.
While an increased attack surface can impact organizations of all sizes, international and large employers are the most at risk, due to their number of employees and a distributed workforce.
A global workforce may also make it more difficult to detect anomalous activity because the company is used to employees accessing the network from around the world, so a malicious intruder may not be immediately obvious.
But it's possible to take steps to reduce the attack surface – and the potential risk to the organization as a result. Zscaler recommends three steps for minimizing corporate
The first is to know your network – by being aware of what applications and services are in use, it's easier to mitigate risk.
The second is to know your potential vulnerabilities – researchers recommend that information security teams stay informed about the latest vulnerabilities and the patches that can be applied to counter them.
The third thing organizations should do is adopt practices that minimize risk and act as a deterrent to cyber criminals. For example, secure login credentials for cloud services with multi-factor authentication, so in the event of a username and password being breached, it isn't as simple for criminals to actually access accounts and services.
"By understanding their individual attack surfaces and deploying appropriate security measures, including zero trust architecture, companies can better protect their application infrastructure from recurring vulnerabilities that allow attackers to steal data, sabotage systems, or hold networks hostage for ransom," said Howe.