Article | FINEX Observer

Client Alert: Remote access

COVID-19 and the latest exploitation of remote access network structure


By Robert O. Barberi, Jr. | April 21, 2020

With most of the corporate workforce working remotely due to COVID-19, bad actors are targeting vulnerabilities in VPNs and other remote access applications.

COVID-19 has brought an abundance of cyber risk exposure issues to the forefront. These new threats have included new directed phishing campaigns (both by email and text message), which aim to gain unauthorized access to user credentials and to facilitate the introduction of malware. In addition to these new social engineering techniques, with most of the corporate workforce working remotely, bad actors are now also targeting known vulnerabilities in VPNs and other critical remote access applications.

The availability of remote access applications has become the salvation for many companies that rely on VPNs to keep their businesses operational since the implementation of social distancing guidelines and travel restrictions. Some research has suggested that remote access usage increased by 150% by the end of March.¹ While most organizations are currently focused on telework infrastructure to restore business continuity, experts don’t expect all employees who previously worked in company offices to immediately return to office locations. In fact, a recent survey found that 74% of 317 finance leaders said they planned to move some of their office workforce to remote work positions. Therefore, while most companies have used remote access to minimize the impact of COVID-19 on their business, the pandemic is also likely to facilitate continued migration of office functions to remote environments to realize potential cost savings, achieve greater access to skilled workers in new locations and offer flexibility to their workforce.

While the benefits of remote access certainly exist, they do not come without increased risks. On April 8, both the U.S. Department of Homeland Security’s Cyber Security Infrastructure Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued alerts describing vulnerabilities associated with the use of VPNs and the tactics employed by the malicious actors. This follows guidance from both organizations released in March highlighting general considerations associated with a company migrating to a more remote workforce. Both agencies track advanced persistent threats and aim to provide practical advice for the public and private sector through close collaboration with key stakeholders in the critical infrastructure community. That these alerts followed so soon after the March guidance suggests a certain amount of urgency behind addressing the highlighted risks.

Some of the key updates in the most recent alerts include the following:

  • In January 2020, both CISA and NCSC reported that malicious cyber actors were exploiting Citrix vulnerabilities. Similar known vulnerabilities are also affecting VPN products from Pulse Secure, Fortinet and Palo Alto.
  • As has been widely reported, hackers have been successful in hijacking teleconferences that lack security controls or that run unpatched versions of the software.
  • The surge in remote access usage has resulted in the increased use of Microsoft Remote Desktop Protocol (RDP), which requires effective deployment of endpoint solutions. Attacks on unsecured RDP endpoints have increased since the pandemic, as RDP ports left exposed to the internet could result in bad actors gaining access to the entire internal network of the organization. Some reports have suggested that exposed RDPs have increased by as much as 127% since the outbreak of COVID-19.² Also, one major cyber insurer released a March study highlighting RDP vulnerabilities as one of the two most common attack vectors associated with the deployment of ransomware.³

Given that these heightened exposures are likely to survive the end of the COVID-19 pandemic, organizations should be prepared to adopt long-term strategies for the implementation of new compensating security controls, employee training and risk transfer options with cyber insurance. Willis Towers Watson’s proprietary cyber risk analytics have demonstrated that the implementation of these controls can decrease the likely frequency of a cyber incident associated with these remote access risks. A proper analysis of the business interruption, privacy and ransomware risks a particular organization faces due to potential VPN vulnerabilities is imperative before a properly tailored cyber insurance policy can be negotiated to address the identified exposures.

Footnotes

1 Cooney, Michael. “Coronavirus Challenges Remote Networking.” Network World, Network World, 19 Mar. 2020, www.networkworld.com/article/3532440/coronavirus-challenges-remote-networking.html.
“Gartner CFO Survey Reveals 74% Intend to Shift Some Employees to Remote Work Permanently.” Gartner, 3 Apr. 2020, https://www.gartner.com/en/newsroom/press-releases/2020-04-03-gartner-cfo-surey-reveals-74-percent-of-organizations-to-shift-some-employees-to-remote-work-permanently2.

2 Aprozper, Asaf. “127% Increase in Exposed RDPs Due to Surge in Remote Work.” 127% Increased in Exposed RDPs Due to Surge in Remote Work, 30 Mar. 2020, blog.reposify.com/127-increase-in-exposed-rdps-due-to-surge-in-remote-work.

3 “Beazley 2020 Breach Briefing.” Beazley Breach Briefing – 2020, 23 Mar. 2020, www.beazley.com/Documents/2020/beazley-breach-briefing-2020.pdf.

Disclaimer

Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates. COVID-19 is a rapidly evolving situation and changes are occurring frequently. Willis Towers Watson does not undertake to update the information included herein after the date of publication. Accordingly, readers should be aware that certain content may have changed since the date of this publication. Please reach out to the author or your Willis Towers Watson contact for more information.

Author

Senior Vice President, Director
FINEX Cyber Security & Professional Risk
