IT World Canada

Ottawa warns infosec pros to close holes in remote access services

Recent hacks have prompted Canada’s cybersecurity monitor to warn IT administrators to immediately patch critical infrastructure and implement two-factor authentication (2FA) where possible.

The general alert issued on Tuesday by the Canadian Centre for Cyber Security, the federal government agency that advises the private and public sectors, doesn’t name specific incidents. Instead, it points to previously published warnings about attacks on virtual private networks — which are increasingly being used by organizations making employees work from home due to the COVID-19 crisis — and to a March alert on patching a vulnerability in several versions of Microsoft Exchange Server.

More recently the centre, along with the U.S. and U.K., warned that nation-states are targeting universities and pharmaceutical companies conducting COVID-19 vaccine research.

“In recent months, the Cyber Centre has been made aware of several compromises of computer networks in Canada,” Tuesday’s alert says. “The compromises took advantage of vulnerable, less secure implementations of remote access services. In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version.

“The malicious activities were reported to the Cyber Centre in June and July 2020. Incidents included intensive reconnaissance-style scanning of target networks, followed by the successful compromise of vulnerable and improperly secured servers and network access devices. In some instances, malware was installed, and compromised infrastructure may have been used in attempts to compromise different networks and/or other organizations. Threat actors may have remained active on compromised networks for a period of months before their activities were detected.”

The alert pointedly notes that the centre has already published many advisories and alerts on the dangers of hacking through weakly-protected remote services.

As far back as April, security vendor Kaspersky was also warning that generic brute force attacks on computers and servers allowing access through Microsoft’s remote desktop protocol were skyrocketing.

“The Cyber Centre is urging Canadian organizations to apply all security updates to their internet-facing services and enable 2FA for all remote access accounts,” says the latest federal alert. “Organizations failing to apply security updates in a timely manner and not using 2FA are exposing themselves to compromises such as information theft and ransomware.”

The centre urges admins to:
