Ottawa warns infosec pros to close holes in remote access services

Recent hacks have prompted Canada’s cybersecurity monitor to warn IT administrators to immediately patch critical infrastructure and implement two-factor authentication (2FA) where possible.

The general alert issued on Tuesday by the Canadian Centre for Cyber Security, the federal government agency that advises the private and public sectors, doesn’t name specific incidents. Instead, it points to previously published warnings about attacks on virtual private networks — which are increasingly being used by organizations making employees work from home due to the COVID-19 crisis — and to a March alert on patching a vulnerability in several versions of Microsoft Exchange Server.

More recently the centre, along with the U.S. and U.K., warned that nation-states are targeting universities and pharmaceutical companies conducting COVID-19 vaccine research.

“In recent months, the Cyber Centre has been made aware of several compromises of computer networks in Canada,” Tuesday’s alert says. “The compromises took advantage of vulnerable, less secure implementations of remote access services. In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version.


“The malicious activities were reported to the Cyber Centre in June and July 2020. Incidents included intensive reconnaissance-style scanning of target networks, followed by the successful compromise of vulnerable and improperly secured servers and network access devices. In some instances, malware was installed, and compromised infrastructure may have been used in attempts to compromise different networks and/or other organizations. Threat actors may have remained active on compromised networks for a period of months before their activities were detected.”

The alert pointedly notes that the centre has already published many advisories and alerts on the dangers of hacking through weakly-protected remote services.

As far back as April, security vendor Kaspersky was also warning that generic brute force attacks on computers and servers allowing access through Microsoft’s remote desktop protocol were skyrocketing.

“The Cyber Centre is urging Canadian organizations to apply all security updates to their internet-facing services and enable 2FA for all remote access accounts,” says the latest federal alert. “Organizations failing to apply security updates in a timely manner and not using 2FA are exposing themselves to compromises such as information theft and ransomware.”


The centre urges admins to:

  • Assess their networks for the presence of vulnerable software, particularly where it is installed on devices exposed to the internet, and patch as soon as possible to the latest version;
  • Implement 2FA on all internet-facing remote access services, starting with perimeter security devices such as firewalls and remote access gateways for teleworkers and administrators;
  • Consider measures to limit the amount of sensitive information that malicious actors can collect about their networks by:
    • Using open source tools to scan their networks for unnecessary or inadequately secured open ports.
    • Implementing an intrusion protection system to reduce the effectiveness of malicious vulnerability scanning activities.
    • Configuring internet-facing web servers with minimalist error pages that don’t leak product and version information.
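
A defender-side check for the last recommendation, as an added example that is not part of the Cyber Centre alert or the original article: it audits a captured HTTP response for product and version disclosure in headers and in the error-page body. The function name, the header list and both sample responses are constructed for illustration.

```python
import re

# Headers whose presence alone discloses the software stack (illustrative list).
STACK_HEADERS = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# A product token followed by a dotted version, e.g. "nginx/1.18.0".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)+)")

def audit_response(raw):
    """Return a list of disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in STACK_HEADERS:
            findings.append(f"header {name} discloses stack: {value}")
        elif name == "server" and VERSION_TOKEN.search(value):
            findings.append(f"header server discloses version: {value}")
    # Default error pages often repeat the banner in the HTML footer.
    for m in VERSION_TOKEN.finditer(body):
        if m.group(1).upper() != "HTTP":         # protocol version, not a product
            findings.append(f"error page discloses {m.group(1)} {m.group(2)}")
    return findings

# Constructed sample: default error page with full banners.
LEAKY = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Not Found</h1><address>Apache/2.4.41 (Ubuntu) "
    "Server at www.example.test Port 80</address>"
)
# Constructed sample: minimalist error page, product name only, no version.
MINIMAL = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Not Found</h1>"
)

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("minimal", MINIMAL)):
        print(label, audit_response(raw) or "no disclosure found")
```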

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
