How to Minimize the risk of Cyber attack in a Remote Working Environment?
Hackers used the zero-day to gain control over Sangfor VPN servers, where they replaced a file named SangforUD.exe with a boobytrapped version. This file is an update for the Sangfor VPN desktop app, which employees install on their computers to connect to Sangfor VPN servers (and inherently to their work networks).
Qihoo researchers said that when workers connected to hacked Sangfor VPN servers, they were provided with an automatic update for their desktop client, but received the boobytrapped SangforUD.exe file, which later installed a backdoor trojan on their devices.
Almost all remote working connections extensively rely on VPN technology. However, the internet security gaps exist in endpoints and browsers at where 80% of hacking’s occur. Unfortunately, VPN technology cannot address these gaps.
Remote work is a popular use case, and in light of the Covid-19 outbreak, many companies are rushing to deploy VPNs to enable employees to work remotely.
When users authenticate into their company’s VPN, a virtual network interface is created. Traffic from the user’s device is then redirected into & from the company’s network. Any application on the user’s device can then access the company’s network – including printers, files shares, servers & databases, intranet-based web apps, and legacy apps. analyze the work and study in the past year, find out the experience and lessons from it, draw out the regular knowledge, and guide the work and practice in the future.
Prabakaran Ramachandran, an internationally experienced Cybersecurity and IIOT consultant, Prabakaran holds an Engineering and MBA degree, after which he worked in London helping clients across the world to provide Cyber security, Risk management, DRP, BCP & IIOT – services and solutions for all industry verticals. Prabakaran demonstrated his experience and skills to help corporate’s achieve business excellence by conducting audits on all technology verticals.
Prabakaran Ramachandran can be reached at firstname.lastname@example.org