Massive transition to remote work: technical problems and threats to security

Self-isolation and work from home is an effective measure against the spread of infection. There are a lot of additional bonuses: improving labor efficiency , financial benefits for the company, promoting the idea of ​​a minimum basic income (paying people so that they do not leave home, as a result, will pay off many times), and improving the environment . But there is one serious drawback. The sudden transition to the distance of millions of employees without proper training poses enormous risks to information security . Corporate VPNs are not always designed for such a load, and employees themselves often do not know how to use cryptographic tools, work through weak home routers from an unsecured home network.

At a major US agency, some officials began to hold meetings via group iPhone calls because standard conferencing systems did not always work, CNN Business writes citing a federal employee. But these groups support no more than five members, not to mention security risks. In general, government agencies did a good job of moving to a remote location, the source said, although there are some minor technical issues.

The publication cites an example of a US Air Force VPN system that last week supported a maximum of 72,000 concurrent users. At the same time, the US Air Force employs more than 145,000 civilians and more than 130,000 full-time contractors .

Moving away from standard security procedures opens up new opportunities for hackers. As employees increasingly enter the system from home, they have to combine their personal tools with professional ones "on an unprecedented scale."


Two people work from home during an outbreak of coronavirus disease (COVID-19), in Gdynia, Poland, March 16, 2020. Photo: Reuters / Eloy Martin

For employers, the problem lies not only in network bandwidth, but also in the fact that employees introduce new potential vulnerabilities into the routine workflow - weak passwords on personal computers, poorly protected home Wi-Fi routers, poorly protected sites for distance learning (in schools and universities) or infected computers of other family members.

“It’s enough for one of the children to become infected and the infection will spread inside the house,” said Marcus Sachs, former vice president of national security policy at Verizon. It's about malicious computer programs, because digital infection is transmitted between family members in the same way as COVID-19.

Another vector of attack on new remote workers is social engineering, when fraudsters impersonate tech support employees.

According to experts, from a compromised computer of one employee, malware can easily get into a connected office network.

Experts recommend paying special attention to digital hygiene and security, as attackers are trying to take advantage of the coronavirus crisis. According to DomainTools, an information security company, hackers are increasingly creating coronavirus-related websites, applications and tracking tools to take advantage of the surge in interest in coronavirus and infect users' computers and phones , including for ransom requests.

The CovidLock ransomware program for Android intercepts the lock screen, threatening to erase photos and videos on the phone.

In addition to VPN, other systems use remote tools in corporate systems. For example, in 2014, the Federal Communications Commission began the transition to virtual desktops. Based on cloud solutions for employees, digital workstations are created that exist only online.

For the full transition of all office employees to the remote mode, it is also necessary to ensure the widespread penetration of broadband. According to federal research, even in the US, at least 25 million people do not have broadband at home. Employees of special services and intelligence organizations who are expressly prohibited from remote access to secret documents and systems, or this access is very difficult, suffer greatly.

On March 15, 2020, the American cybersecurity agency ISC SANS issued a warning to companies advising them to update their VPN programs and prepare for a surge of malicious emails that will be sent to disoriented employees. It is recommended to monitor activity logs on the corresponding OpenVPN (1194) and SSL VPN ports (TCP / UDP 443, IPsec / IKEv2 UDP 500/4500). A similar warning on corporate VPNs AA20-073Apublished by the Department of Homeland Security Infrastructure and Cybersecurity Agency (DHS CISA).

Last October, the NSA informed users of the discovery of active exploits for Pulse Secure VPN versions from 5.1RX to 9.0RX. At the same time, critical vulnerabilities were discovered in other popular VPNs: Palo Alto GlobalProtect and Fortinet Fortigate. New bugs are constantly found in other corporate VPNs , so be sure to check that you have all the latest VPN patches installed.



On March 17, the British National Cybersecurity Center released a six-page brochure with tips for telecommuting.

Cybercriminals are closely monitoring the trend of moving to remote work "and are doing everything possible to use it to infiltrate the organization," said Esti Peshin, head of the cyber department of Israel Aerospace Industries, Israel’s largest defense contractor.

Today we can only imagine what the world will look like after a pandemic. He will probably never be so open again. Coronavirus dealt a serious blow to globalization and European integration, and the United States failed a leadership test. Perhaps the national policies of some countries will change. The economic crisis will reduce the well-being of people, and fundamental changes will occur in the capitalist system of the world, analysts at Foreign Policy say .

One way or another, at the micro level, everyone should take care of themselves and think about their own safety. For starters, at least patch the VPN.