Network World

Remote Desktop Control/Access as an Attack Vector

The Verizon report was packed full of interesting (and somewhat scary) findings. One of the items that struck me as interesting is the section discussing attack vectors (page 20).

“In approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software. Rather than for internal usage, most of these connections were provisioned to third parties in order to remotely administer systems. As discussed extensively in this and previous reports, the ultimate attacker is not typically the third party (although that certainly happens). More often, an external entity compromises the partner and then uses trusted connections to access the victim. From the victim’s perspective the attacker appears to be an authorized third party, making this scenario particularly problematic. This is especially so when trusted access is coupled with default credentials.”

Why is it interesting to me? Because our own analysis of the application traffic in 63 enterprises found that remote desktop applications are being used not only by IT and support, but also by employees who want to access their home machine, or someone else’s, while they are at work. Overall we found that 95% of the companies that participated in the analysis had remote control applications present. Not surprising, really. What is surprising is [1] the breadth of application variants (24 different remote access control applications) and [2] the high rate of SSH usage (89% out of 63).

Read more about the findings here. http://blog.paloaltonetworks.com/?p=162

The Remote Computing Vulnerability

It seems to me that social vulnerabilities will remain long after the last (?) of the technical ones are tied up.

It's not just that there is always someone dumb enough to click on a link in a misspelled bank's email or to send money to some foreign country in order to help some "lucky person" retrieve their millions.

It's much simpler than that. People just can't remember passwords. They choose easy ones, they simply add numbers to their old ones and they use sticky notes to stick their passwords onto their monitors or under the lids of their closed laptops when travelling.

While I do care about their home security, I'm much more concerned about the security of the organisation. What happens when those sticky notes are found - even worse, what happens when their laptop has all of their other passwords cached (or written down), including their workplace VPN and Remote Desktop passwords?

Trouble... that's what.
