In 2016, only 43% of American employees worked remotely in some capacity. Today, the swift spread of the COVID-19 pandemic has caused that statistic to surge, forcing organizations and schools across the country to adopt work-from-home (WFH) or learn-from-home policies virtually overnight. Few organizations were prepared to address the myriad new security risks associated with this forced migration, least of all public sector institutions.
Cybersecurity Risks at Home
The typical home now includes multiple unsecured devices: a mix of desktops, laptops, tablets, smartphones and gaming consoles, some consumer Internet of Things (IoT) devices like smart TVs and home security systems, and maybe a few network-connected toys and appliances.
All these share a Wi-Fi access point with basic security settings offered by an internet provider. The IT resources and processes taken for granted in an office – regular patching of operating systems, software, network devices, and security appliances; network safeguards like firewalls and intrusion prevention systems; daily backups of all workloads; updates of endpoint anti-malware; and firmware updates, help desk support, and security awareness training – are greatly reduced or nowhere to be found.
This vulnerability-ridden home environment is an obvious risk when an employee, teacher, or student uses personal equipment to access an organization or school’s private network, even with secure VPN connections. But the concerns do not stop there; the home environment can also threaten the security of organization-owned and -protected devices. Any person or device in the household (including unattended IoT devices) could inadvertently let in a piece of malware that threatens your entire organizational network. Worse still, many IoT devices cannot ever be patched for security vulnerabilities, leading to so-called ‘forever-day’ risks that make them particularly easy and appealing targets for cybercriminals.
Additionally, our Cyber Protection Operation Centers (CPOCs) identified a sharp global uptick in phishing attacks starting in February 2020, with many cybercriminals using pandemic-themed messaging to exploit people’s understandable hunger for health and safety information. This has led to a parallel uptick in ransomware attacks. Malware squeezes through the cracks left open by unpatched software, firmware vulnerabilities, and exploitable security flaws in operating systems that should have been upgraded years ago. IoT devices can be commandeered into botnets designed to bring down underpowered, inexpertly configured home networking gear with distributed denial-of-service (DDoS) or domain name system (DNS) attacks.
Zoom Exploits Abound
The sudden popularity of videoconferencing and telecommuting applications – like Zoom, WebEx, and Microsoft Teams – also presents a host of new risks. The typical videoconferencing call involves multiple people connecting from home environments, some from personal devices over unsecured networks, into a single session. In this new remote work era, security training for attendees may be spotty, and IT professionals are farther away than the next office or classroom over.
Meanwhile, cybercriminals can eavesdrop on unsecured home Wi-Fi networks, invade devices via phishing or unsecured remote desktop connections to exfiltrate and lock up sensitive data, and compromise insecure web applications to steal access credentials. Successful VPN compromise and DNS hijacking attempts can redirect users to malicious apps, while bogus online ads can steer users to malicious websites that deliver drive-by malware downloads. Naturally, a host of cybercriminals have pounced on the opportunity to exploit the sudden proliferation of new attack surfaces at the application level.
That brings us back to the suddenly-ubiquitous Zoom which, in addition to the above threats, has proven vulnerable to message injection and code injection attacks, remote-control hijacking, watering-hole attacks via compromised third-party libraries and apps, session ID hijacking, exploits of outdated app versions, man-in-the-middle attacks on chat and video streams, and redirection to malicious URLs.
How Acronis SCS Protects Remote Work Environments, Including Zoom
Organizations and schools with a sudden uptick in remote work environments provide a multitude of opportunities for cyberattack. While the current cyber landscape seems dire for public sector institutions in particular, it can be turned around with the right tools. As a leading provider of cyber protection solutions to the US government, education, healthcare, and nonprofit sectors, Acronis SCS has the tailored and trusted technology your organization needs to mitigate the inherent risk of exposure (to outdated Windows 7 laptops, vintage Wi-Fi routers, unpatched smart home devices, and bored, tech-savvy tweens, for example) that comes hand-in-hand with the new WFH reality.
Acronis SCS Cyber Protect Cloud, our new enterprise-level endpoint protection software with backup and next-generation anti-malware technology, boasts a security toolbox that extends to remote environments generally and Zoom specifically. The solution, which officially launched this week, is expressly designed to support the five vectors of cyber protection, keeping your critical data safe, accessible, private, authenticated, and secure (SAPAS). We categorize its capabilities under the following NIST-inspired cybersecurity framework:
- Prevention – avoid downtime with vulnerability assessment, patch management, and smart protection plans.
- Detection – immediately identify threats with an AI-based behavioral engine for zero-day threats, plus signature-based antivirus for known malware and ransomware threats.
- Response – block attacks with self-protection, backup protection, and primary system protection.
- Recovery – mitigate damage with the instant restore of attack-compromised data from a local cache.
- Identification/forensics – enable post-incident investigations with enhanced backups that include memory dumps and meta information.
Our solution is designed to protect Zoom on remote devices with the following features:
- Blocking of code-injection attacks on the local Zoom application process by Acronis SCS self-defense and behavioral engine rules;
- Prevention of website redirection attacks that change DNS settings, using Acronis SCS URL filtering, which validates all inbound and outbound traffic generated by Zoom and prevents requests to malicious websites;
- Blocking of attacks that arrive through third-party applications, using Acronis SCS anti-malware and URL-filtering capabilities; and
- Blocking of malware hooks to steal streaming content via Acronis SCS kernel-level self-defenses in the runtime environment.
We’ve also built in robust protections for the Zoom application itself:
- Blocking of remote control from a compromised machine via Acronis SCS behavioral engine rules that disallow the launching of new processes or downloading of executable files;
- Blocking of attacks from third-party libraries via Acronis SCS stack-trace analysis and exploit detection to identify anomalies, plus Acronis SCS patch management to force security updates to third-party software;
- Prevention of session ID theft via Acronis SCS self-defense of the Zoom database used for access by external processes; and
- Prevention of the use of outdated Zoom versions via Acronis SCS patch management.
Take Action to Protect Your Organization Today
America’s public sector – including its government leaders and employees, university faculties, teachers, students, and healthcare workers – is wrestling with the new process and technology challenges of a country and world transformed by pandemic. Despite its security flaws, Zoom has proven to be an incredibly useful tool for helping keep the lines of communication and collaboration open and efficient under unfamiliar and stressful conditions. But we must not lose sight of the threat posed by opportunistic cybercriminals, who are wielding new tactics to compromise data and halt critical public sector operations and services.
Acronis SCS is here to help. We offer a battery of cyber protection defenses, including endpoint protection and backup and disaster recovery software for SLED (state, local, and education), to help you counter these new threats, enable the success of remote work, use Zoom safely, survive the current crisis, and thrive in its eventual aftermath. Learn more about how to protect your organization and its remote workloads with Acronis SCS Cyber Protect Cloud today.