By Prof. Marijke Coetzee, University of Johannesburg
Ransomware is on the rise. In the USA, it is estimated that around 65,000 successful breaches occurred in 2020, with no end in sight. Small businesses are affected to a far greater extent as they do not have the financial or technical expertise to protect themselves and mitigate such incidents. This situation is exasperated by the COVID-19 pandemic transforming the way organisations work, resulting in the rise of remote work. Cybercriminals find users working from home easy targets to attack as they are often poorly trained, and their systems suffer from limitations and software vulnerabilities.
The most common ransomware attack vector is phishing. Phishing makes use of social engineering tricks to persuade victims to take actions such as clicking on links. However, the success of a phishing attack is determined by the vulnerabilities on a user’s device that can be exploited. An attacker identifies a target, gathers information about it, and scans for vulnerabilities to exploit. Vulnerabilities such as web browser vulnerabilities introduced by new features, buffer overflow vulnerabilities, or zero-day vulnerabilities might be present to exploit. For example, no web browser is secure due to design issues and flaws and the frequency of browser software updates and patches. After a victim has been tricked into acting, malicious code secretly can use web browser vulnerabilities to download and install malware. In this manner, ransomware is installed on a victim’s machine without their consent. After the ransomware executable is run, the user’s data is encrypted, resulting in a ransom that needs to be paid to access data.
Without software vulnerabilities to exploit, ransomware attacks would not be as simple to perform. Out-of-date insecure software is similar to having cracks in a wall where threat actors can get through. These cracks are known and can be exploited with ease. A wall can only be kept secure if cracks are fixed by continuously updating software. Yet, these cracks often stay unpatched for long periods, becoming one of the most significant risks to an organisation. Employees are more concerned with their work duties and not so much with securing their devices. They do not understand the risks of unpatched software and are wary of performing updates as it uses bandwidth or annoyingly changes how their software works.
To protect themselves from ransomware attacks, users should implement familiar defences, such as not clicking on links from unfamiliar sources, using strong authentication, regularly backing up systems, and using long, strong and unique passwords, and disabling popups. Most importantly, they should be updating their software to ensure that vulnerabilities cannot be exploited.
For users working from home, it is more challenging to keep software up-to-date. Many employees work from their own devices, as not all have company laptops. A major concern is whether these home devices have been appropriately updated. As home devices are not centrally managed, their software becomes vulnerable. Technical teams do not have access to home devices to see what software needs to be updated and deployed. Due to bandwidth constraints, downloading hefty updates and patches can be a slow process fraught with error.
In these situations, nothing more can be done than to inform employees to set operating systems and applications to auto-update. Unfortunately, the software update problem leads to a massive increase in the attack surface for most companies. As a result, it is impossible to maintain a high level of security for employees working from home on their own devices.
Managing software and keeping systems and applications up to date can be a significant challenge in remote work environments, leading to ransomware attacks. The following recommendations could ensure a more secure environment:
- Work from home focused training: Training, training, training. This cannot be stressed enough. Employees connect to their corporate networks using VPNs and should be aware of using this technology more securely. Generally, employees are trained to recognise phishing attacks and use strong passwords, but the importance of software updates is not given such priority as it used to be managed within the corporate environment. Employees should understand the consequences of out of date software and how to manage their software updates.
- Standards: Standardise the operating system and applications for all employees and ensure all devices and software installations comply with standards. As Windows 10 protects users from ransomware, it should be considered.
- Work from home policy: Inform users clearly why updates are a priority and set a policy for all to adhere to. Provide training on how to set updates to take place after hours. Ensure that employees know how to contact technical support when things go wrong.
Home network security: Train employees on how their home network should be secured and how devices can be shared securely with family members.
- Contingency plan for work from home employees: The company contingency plan should include additional scenarios around VPN access to backend servers as they are vulnerable to ransomware attacks.
In the new and changing world, where work from home and hybrid work models have become a permanent situation for many companies, new security challenges arise that require new approaches. The importance of software vulnerabilities for the work from home workforce highlighted in this discussion needs to be addressed so that the measure of protection is increased in an ever-evolving threat landscape.
About the author
Marijke Coetzee is a Professor and the Sub-head: Research in the Academy for Computer Science and Software Engineering at the University of Johannesburg, South Africa. The main focus of her research is on Information Security and Trust Management, specifically for service-oriented architectures, and mobile and wireless environments. She is a C2 rated NRF researcher and has co-authored more than 70 papers published in peer-reviewed local and international conference proceedings and journals. She acts as reviewer for various national and international conferences and is a member of the ACM, IEEE and SAICSIT.
Also this year GÉANT joins the European Cyber Security Month, with the 'Cyber Hero @ Home' campaign. Read articles from cyber security experts within our community and download resources from our awareness package on https://dev.connect.geant.org/csm2021