Many enterprise companies are shifting to a remote work model to prioritize the health and safety of their employees. This comes with a unique set of challenges for IT professionals trying to keep users secure and productive. Ivanti CISO Phil Richardson and Security Expert Chris Goettl share insights on how to best protect your network with users now logging in from home.
2. Agenda Items
Coronavirus Social Engineering
Threat Actors Call a Truce?
Tabletop Exercises You Can Use
3. FBI Warns of Phishing Scams
Situation
The FBI has issued a PSA, warning organizations and users about the potential for phishing campaigns taking advantage of those seeking information on the spread of COVID-19. Some of the emails appear as though they’re from the CDC. Others ask for your information in order to get a stimulus check or have attractive offers for medical supplies.
Analysis
Exploit Type:
Exposure:
Attack Vectors:
Impact:
Ransomware
???
Unknown Passwords, other data stolen
Phishing, Social Engineering
Recommendations
Phishing Education
Backup / File Restoration Plan
Patching
Continuous Vulnerability Management
4. COVID-19 Phishing Scams
Phishing campaign pushing Netwalker/Mailto ransomware
Using attachment “CORONAVIRUS_COVID-19.vbs”
Embedded executable, obfuscated for extraction and launch
Victims get a TXT file ransom note instructing payment on a Tor site
A public health district and an Australian logistics company have fallen victim
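A mail-gateway style check for the delivery method on this slide, added here as an example and not taken from the presentation: it lists script-type attachments in a message, including ones packed inside a ZIP attachment. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs through Windows Script Host (or mshta for .hta) on double-click.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}

def _is_script(name):
    # Windows strips trailing dots and spaces from file names, so normalise first.
    name = name.lower().rstrip(". ")
    return any(name.endswith(ext) for ext in SCRIPT_EXTS)

def script_attachments(raw_message):
    """Return names of script-type attachments, including members of ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _is_script(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if _is_script(m)]
            except zipfile.BadZipFile:
                # An archive that cannot be inspected is reported rather than passed.
                hits.append(f"{name}!<unreadable archive>")
    return hits

def build_sample():
    """Constructed message: one direct .vbs attachment, one zipped, one benign PDF."""
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 update"  # constructed sample values throughout
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="CORONAVIRUS_COVID-19.vbs")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("guidance.pdf.vbs", "' inert placeholder")
        zf.writestr("readme.txt", "text")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="guidance.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="policy.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(script_attachments(build_sample()))
```

Matching on the file name catches the double-extension case (`guidance.pdf.vbs`) that a check on the declared MIME type alone would miss.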
5. Coronavirus Malware Kits
• Threat actors utilized a legitimate map from Johns Hopkins in a Java-based malware scheme
• Selling the kit for $200 or $700 with the seller’s certificate
• Users think the PreLoader is the map
• Malware designed to steal passwords
• Additional maps were found with AZORult malware
6. Threat Actors with a heart of gold?
BleepingComputer reached out to ransomware threat actors to ask if they will continue activities against healthcare during the pandemic
Some avoid healthcare or critical response services like 911 by default
Some say they will attempt to avoid healthcare services until the pandemic has ended
Some are saying “If someone is encrypted, then he must pay for the decryption.” regardless of type of company or service
7. Other Active Threats
TrickBot trojan slipping detection by using text from Coronavirus articles
An actual ransomware called “CoronaVirus”
Email extortion campaign promising to infect your family with Coronavirus
9. 5 Steps to Keeping Remote Workers Secure
1. Your network has just expanded with new devices and networks. You need to track and manage these new assets and networks.
Recommendations:
• Remote asset discovery
• Track asset performance
10. 5 Steps to Keeping Remote Workers Secure
2. Train and enforce good security hygiene. Threat actors have been working from home forever. Your team hasn’t. An end user’s home is now the easiest way into your network.
Recommendations:
• Additional employee training
• Put acceptable use plans in place, yes, even at home on personal devices
• Advise users to be smart about the sites they’re visiting
• Keep systems up to date
11. 5 Steps to Keeping Remote Workers Secure
3. Configuration management. VPN is your first line of defense. Pay extra attention to GPO policies, configuration settings, and controlling the systems attached to your network.
Recommendations:
• Configure VPN for allowed devices only
• Not a good idea to have EVERYONE on your VPN
• Make sure customers have the right security structure before joining your network
12. 5 Steps to Keeping Remote Workers Secure
4. Patching is critical now more than ever. It’s possible that you’ll need to patch non-corporate-owned devices.
Recommendations:
• Ivanti patching solutions (yes, we’re bragging)
• Best in class remote patch management
13. 5 Steps to Keeping Remote Workers Secure
5. AV is a must on all your remote systems. Ivanti utilizes CrowdStrike’s AV/AM. We did a global rollout to 1700+ devices and only one person noticed.
Recommendations:
• Make rollout a “non-event”