In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint advisory regarding the rise of malicious use of remote management and remote access software. We spoke with Jerry Hsieh, the VP of Security & Compliance at Splashtop, regarding the attacks and how remote access users can protect themselves and their companies from attacks like these.How Are Cybercriminals Using Remote Access Software Maliciously?
In June of 2022, cybercriminals coordinated a spear phishing campaign to target government employees. The phishing campaign pushed the government employee to complete the following actions:
Call from an unfamiliar number impersonating IT or support technicians, which prompts the employee to visit a mysterious website
The mysterious website provided instructions on downloading and setting up remote access software
The employee successfully installs the software, granting the cybercriminal access to the device
How these cybercriminals are using remote access software is not unusual. What they’re exploiting here is human weakness.
“Human beings are the weakest link in cybersecurity,” states Jerry Hsieh, the VP of Security & Compliance at Splashtop.
Cybercriminals are posing as trusted coworkers and targeting employees who may not be as educated in terms of cybersecurity. By exploiting this weakness, that employee may download remote access software at the request of the cybercriminal, where the criminal can then gain access to the victim’s device.The Biggest Threat to Cybersecurity Has Nothing to Do with Technology
“I get phishing messages forwarded to me all the time from our employees,” Hsieh says. As someone with decades of experience in the cybersecurity space, Hsieh has seen his fair share of creative attacks on businesses. Even after his decades of experience, there’s a common thread among all these creative attacks—human weakness.
“An intern or fresh graduate may post that they started a new role at a company on LinkedIn,” says Hsieh. “Those cybersecurity criminals may target that intern and identify them as a weakness, then target them to gain access.”Mitigating Cybersecurity Attacks
When it comes to minimizing cybersecurity attacks, it’s important to identify all potential vulnerabilities. Regarding the social aspect, Hsieh has one suggestion.
"The best thing to prevent phishing attacks is to be skeptical about everything,” Hsieh says. “When in doubt, ask your security team.”
Phishing and other social deception tactics are some of the easier ways for cybercriminals to gain access rather than brute force. Here are a few ways you can mitigate this from happening.
Adopt Robust Security Training Practices
If human beings are the weakest link in regard to cybersecurity, the best thing you can do is to armor your employees with the right defenses and education. Regularly test your employees on cybersecurity best practices and adopt secure practices for your company.
Some regular best practices, such as enforcing multi-factor authentication, adopting single sign-on tools, or regularly requiring your employees to change passwords, are a good place to start. While they’re not going to stop any social deception, it does help them understand the importance of security and to think more about why data security is important.
When training employees on security practices, ensure that topics regarding phishing and ransomware are highlighted. With generative AI on the rise, these phishing scams are becoming more sophisticated and pose as genuine employees, going so far as to model how they communicate and mimic their relationships with other coworkers. One easy way to ensure that the requests employees are receiving are legitimate is to verify communication on two different channels, or even better, in person.
Encourage Skepticism and Prevent Shame
Building a culture where it’s safe to report suspicious behavior is paramount to protecting your employees. If an employee has any potential security concerns, there should be processes set in place for employees to report them in a way that minimizes backlash on their part.
“People are afraid of punishment,” says Hsieh. “Ransomware may target embarrassing habits—they don’t want to be ashamed.”
Shame is a major hindrance for employees to report cybersecurity issues, and you can avoid that by encouraging reporting instead of punishing employees for a potential mistake. The best way to do this is to clarify your reporting policy and clearly outline what happens to employees if cybersecurity breaches happen on their account. The best way to prevent this is to minimize blame altogether — the problem is not your employee, it’s the cybercriminal looking to target them.
Keep Access to Data Sources On a “Need to Know” Basis
Minimizing data access is another simple, yet common cybersecurity best practice that can help prevent major data leaks and breaches. Consider if a cybercriminal successfully phished an intern using remote access software—what data would they have access to?
If you provide every single employee with the same amount of access to everything, that makes it easier for cybercriminals to target your organization. Instead, only provide access to the employees that need to have it. That way, if a different employee does get targeted, the amount of data the criminal has access to is contained to just what that employee works on, and not to the entire organization’s worth of data.No Such Thing as the “Best” Security Tool
Cybersecurity is always adapting and changing, which means that the ways that cybercriminals can get around software will become more sophisticated.
“There’s no such thing as the best security,” Hsieh states. “Only better security.”
Hsieh and the Splashtop team live by this quote to continuously stay on their toes and find different ways to remain vigilant in the wake of ever-changing technology. If your team is looking for ways to improve their cyber security processes, consider Splashtop Secure Workspace.
Splashtop Secure Workspace is a secure access platform that helps secure access to your team’s accounts, provide remote working access, and simplify logins all in one convenient platform. Learn more about how you can secure your workspace with Splashtop.