Hackers pivot to attack remote workers
In the current work-from-home environment, attackers are trying more interactive techniques to throw users off guard.
As identity authentication practices at public- and private-sector organizations have transformed in response to the surge in remote work, cyber criminals are adjusting their tactics, according to federal security experts.
In the last six months, the attack vector on federal and commercial networks has changed, said Sean Connelly, Trusted Internet Connection (TIC) program manager at the Cybersecurity and Infrastructure Security Agency.
With the traditional TIC 2 architecture's "castle and moat" style of cyber protections, attackers would look for buffer overflows, DNS and other weaknesses, Connelly said during a Sept. 22 Venable webcast on identity security. In the current work-from-home environment, however, attackers have shifted to more interactive techniques, trying to throw users off guard, he said.
"Now adversaries are trying to get you to click on something, like a social messaging app," Connelly said. "How do you put security controls around a social messaging app?"
Fake social networking profiles aimed at gaining employees' trust, as well as cyber thieves creating fake login pages are also increasing, according to Connelly. "Those attacks are shifting everywhere traditional network security controls are not located," he said. "Many attackers are actually calling employees and encouraging them to logon to those fake pages and then grabbing their credentials."
"Because we're not physically co-located anymore, there are a lot of authentication factors we used to assume, that we now can't use," Wendy Nather, head of advisory CISOs at Cisco’s Duo Security, said during the Venable event. "If somebody calls the help desk, how are you going to verify them if they can't walk over and show you their CAC [common access card].… Those sorts of processes have been breaking down."
"Some of the things that we've long held as pretty strong controls like the PIV [personal identity verification] and the CAC, they have weaknesses now because a PIV card requires an in-person validation, like a fingerprint," Ross Foard, a senior engineer in CISA's cybersecurity division, said during the webcast. "That is not as easy to do now."
CISA, he said, is using a card similar to a PIV card for new hires that has derived authentication that doesn't necessarily require an initial fingerprint from those new hires.
TIC 3.0 and Zero Trust can help federal networks adjust, but those technologies are still emerging, so network operators should be vigilant, said the experts.
This article was first posted to FCW, a sibling site to GCN.
NEXT STORY: Cybercriminals strike schools amid pandemic