Remote Work Security and Teleconferencing Applications

Threat actors continue to capitalize on global issues and current trends, with coronavirus-themed attacks dominating more than 80 percent of the threat landscape. Across New Jersey, there has been a substantial increase in remote work and the use of technology such as virtual private networks (VPNs). The use of VPN services by New Jersey state employees increased by approximately 70 percent during the month of March. VPNs allow remote workers to connect to web applications hosted within an organization’s network and/or the entire internal network. With the increase in remote work, it is a priority to keep VPN servers secure and available as they are subject to distributed denial of service (DDoS) attacks. Remote access security is paramount at this time and organizations are highly encouraged to apply the Principle of Least Privilege, enable multi-factor authentication (MFA), and utilize a Network Access Control (NAC) solution for connectivity into internal networks.

Recent email campaigns targeting New Jersey state employees continue to include coronavirus-themed phishing attempts to steal user credentials or deliver malware. Other social engineering tactics used to target remote workers may include IT phishing scams and the exploitation of popular teleconferencing applications and other online collaboration platforms such as Zoom, Google Classroom, and Microsoft Teams. For example, new application-themed domains may be registered for malicious purposes, such as sending fake invitations for scheduled meetings that direct users to these malicious spoofed sites. Additionally, emails may be sent to users requesting them to download teleconferencing applications that actually deliver malware, Windows credentials could be stolen via Universal Naming Convention (UNC) links, and malware may be installed that can record audio or video. As there may be little or no implementation of training, policies, and security protections for these new resources; users should first review security permissions and privacy policies and settings. To help reduce the risk of teleconference hijacking, it is important to make meetings and meeting links private, manage screensharing options, and keep applications updated. 

The NJCCIC reminds users to remain especially vigilant during this time and exercise caution with COVID-19-themed emails, social media posts, and websites. We also advise users to be cautious with attachments, links, and spoofed domains received from unknown contacts; navigate directly to authentic vendor websites; and keep applications up to date. The NJCCIC This is Security post “Tips for Teleworkers, Remote Access Security” provides resources and recommendations to securely telework. Additionally, the FBI released a Public Service Announcement “Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments,” which provides information on current cyber threat tactics and tips to protect users and organizations.