Intelligent CIO North America Issue 06 | Page 77


Rising threat #2 – Lookalike domains
Another threat that could be on the rise is lookalike domains. Cybercriminals are moving to lookalike domains to fool victims in their efforts to impersonate the target organization or brand.
Often phishing websites feature domains that impersonate the real brand. These are crafted by cybercriminals to resemble the legitimate brand’s domain. Character substitution is a popular technique employed by cybercriminals with the goal of manipulating users into exposing credit cards, passwords and other sensitive data.
Virtual Private Networks (VPNs) have been touted by some as a solution to the challenge of securing employees’ access to the corporate network. VPNs encrypt a user’s web traffic and send it through a private connection to the corporate network, allowing employees to access corporate data and applications with some measure of security and privacy.
Researchers also found that cybercriminals are using valid Transport Layer Security (TLS) certificates in an attempt to make the lookalike domains appear legitimate. In late 2019, researchers noted that there were more than 100,000 lookalike domains impersonating legitimate retailers. Industries that can be heavily impacted by these types of attacks are retail and banking, where users typically enter their credentials to execute a transaction.
Rising threat #3 – Data exfiltration
Your work-from-home users are still accessing, interacting with and storing corporate data on their devices as part of their day-to-day business operations. But they are now doing it outside the corporate perimeter.
That data, even if stored on company-provided devices, could be exposed to theft. DNS tunneling or data exfiltration is an attacker technique that uses malware to gather sensitive data from a compromised system. It packages up the data into small chunks and embeds them within a string of DNS queries. The DNS queries carrying the data are then delivered to a server hosted by the attacker on the Internet, where the stolen data can be easily reassembled.
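One way a DNS security service could flag the chunked queries described above, as an added example that is not from the original article. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one "<client_ip> <qname>" per line. The domains are
# reserved example names and the long labels are made-up strings, not real data.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 api.example.com
10.0.0.5 cdn.example.com
10.0.0.5 login.example.com
10.0.0.7 d3b07384d113edec49eaa6238ad5ff00.cdn.example.org
10.0.0.9 k7q2m9x4v1b8n3c6z5j0h7t2r9w4y1p8.t1.example.net
10.0.0.9 w3e8r5t0y6u1i9o2p7a4s3d8f5g0h6j1.t1.example.net
10.0.0.9 z9x2c7v4b1n6m3q8w5e0r7t2y9u4i1o6.t1.example.net
10.0.0.9 p4l9k2j7h5g0f3d8s1a6m4n9b2v7c5x0.t1.example.net
"""

MIN_UNIQUE = 4      # distinct query names per client and parent domain
MIN_MEAN_LEN = 20   # mean characters carried in the subdomain part
MIN_ENTROPY = 3.0   # mean Shannon entropy, bits per character

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_tunnel_suspects(log_text):
    """Return sorted (client, parent_domain) pairs matching all three heuristics."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        client, qname = parts[0], parts[1].lower().rstrip(".")
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no subdomain, so nothing could be carried
        # Simplification: treat the last two labels as the registered domain.
        # A production check would use the Public Suffix List.
        parent = ".".join(labels[-2:])
        groups[(client, parent)].add("".join(labels[:-2]))
    suspects = []
    for key, payloads in groups.items():
        mean_len = sum(map(len, payloads)) / len(payloads)
        mean_ent = sum(map(entropy, payloads)) / len(payloads)
        if len(payloads) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and mean_ent >= MIN_ENTROPY:
            suspects.append(key)
    return sorted(suspects)
```

On the sample, only the client sending many long, random-looking names to one parent domain is flagged. The five short hostnames under example.com and the single long CDN-style name are not, which is why the three conditions are combined rather than used alone.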
Rising threat #4 – Non-compliant website access
While this is not technically an attack or a malicious campaign launched by bad actors, companies could still be faced with the problem of their work-from-home users accessing websites and destinations not in compliance with their policy during working hours using corporate-provided devices. This could include websites related to social media, violence and adult content. While it’s second nature for employees working in the office to know that such access is not appropriate or compliant, at home those same employees may have a more lax attitude.
Today, however, due to the proliferation of cloud-based applications like Office 365, SFDC, Google Drive, and others, it is uncommon for organizations to rely solely on VPN-based access to corporate resources. Instead, VPN is usually used to access just a small subset of internal corporate platforms, leaving remote users unprotected when accessing these cloud-based applications and exposed to threats on the Internet.
Furthermore, VPNs may not provide the level of security that’s necessary in today’s threat environment. Malicious cyberactors are finding and targeting vulnerabilities in VPNs as employees increasingly use them for telework amid the pandemic. And since VPNs are considered 24/7 infrastructure – that is, they are always on to facilitate a secure connection to the enterprise network – organizations are less likely to keep them updated with the latest patches.
Finally, since many VPN providers charge by the user, many organizations may have a limited number of VPN connections available, meaning that any additional employees can no longer telework or securely access corporate data.
In this environment, one of the best and most cost-effective ways enterprises can secure such a large-scale tele-workforce is by using DNS as a first line of defense. Every connection to the Internet goes through DNS – those working from home are typically using either public DNS or DNS provided by their Internet service provider, both of which seldom do security enforcement on DNS. Companies are increasingly interested in implementing secure DNS services that can quickly start protecting their remote workforce.
A recommendation is to use secure DNS services that can extend enterprise-level security to teleworking employees, their devices and corporate networks, no matter where they are located.