1. Problem Statement
Due to the recent pandemic, all organizations have enabled work from home for their employees in a very short span of time. Implementing VPN access at this scale and allowing connections from BYOD devices or company laptops has certainly increased the risk of a breach. The following issues might have been overlooked by organizations in the urgency to restore operations.
- Threats to and from the client-side environment (BYOD or company laptop), which might be connected to an insecure home router or carry a backdoor installed by a hacker.
- Threats to perimeter firewalls, the internal network and applications due to poor VPN implementation.
- Threats to the internal network due to vulnerabilities in remote connection applications (Webex, Cisco meeting app, etc.).
2. Solution: “Work From Home” Attack Simulation
2.1 BYOD Systems
Because the user owns the hardware and software and has administrative access, he or she can manipulate any software, driver or firmware, or malware can let an attacker modify it.
In that case the BYOD device can act as an entry point for an attack or as an exit point for data exfiltration.
All types of attacks provided below will be tested on BYOD systems.
2.2 Company Owned Systems
Since company-owned systems will not have administrative access, we will try to create scripts that can do the work for us. All attacks mentioned above in the BYOD section will be launched on these systems using techniques, such as scripting tools, that may not require installation of any new programs. We will carry out the attacks using the following default scripting languages available on the Windows platform.
- PowerShell scripting
- VBS scripting
- Macro scripting
- Batch scripting
Currently Qseap has 50+ scenarios related to VPN, remote connections and Work From Home attacks. The following diagram provides an overview of the assessment approach: