Author

Yogesh Yagnik

Statistics reveal that ransomware will attack a business, a consumer, or a device every 2 seconds by 2031. And it will cost its victims $265 billion annually.

In the last five years, ransomware attacks have risen by 13% and in the first half of 2022 alone, there were around 236.7 million attacks globally.

These are very distressing numbers. Ransomware is one of the most real and present threats that organizations are facing today.

Ransomware is a type of malware used by threat actors for financial gain. It takes over the victim’s files or systems, and the attacker demands a ransom in exchange for a decryption key, which the organization can only hope will return the files to their original state.

Recently, threat actors have begun to exfiltrate data during a ransomware attack, resorting to “double extortion”: blackmailing victim organizations into paying the ransom to avoid having their information posted on leak sites or put up for sale.

LockBit has been the world’s fastest and most stable ransomware since 2019-2020. The LockBit 3.0 ransomware, also known as LockBit Black, operates as Ransomware-as-a-Service (RaaS). It is an improved version of LockBit 2.0 and earlier versions.

How does ransomware work?

Threat actors infiltrate the victim organization’s network and find their way onto a device. They then encrypt the files and folders on it.

Threat actors don’t stop there. They carry out enumeration to extend their reach laterally across the network and can spread the ransomware from device to device, affecting all computers in the network.

How do threat actors infiltrate?

  • Email links or attachments: The user is sent a phishing email with a malicious link or attachment, which leads either to credential harvesting or to the ransomware being downloaded from the attached file.
  • Remote Desktop Protocol (RDP): Threat actors use publicly available or weak credentials, brute-force attacks, or password spraying over RDP to gain access.
  • Virtual Private Network (VPN): Threat actors identify unsecured and unpatched remote access VPN servers and gain access to the network through publicly available or weak credentials, brute-force attacks, or password spraying, then distribute malware.
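
The brute-force and password-spray patterns named above look different in failed-logon data, and a detection rule can tell them apart. The following is an added example, not part of the original article; the record layout, thresholds, and sample events are constructed assumptions, and real input would come from RDP/VPN gateway or Windows Security logs.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0, 0)

def sample_events():
    """Constructed failed-logon records: (timestamp, source IP, target account)."""
    events = []
    # One source hammering a single account (brute-force pattern).
    events += [(T0 + timedelta(seconds=5 * i), "203.0.113.10", "admin") for i in range(12)]
    # One source trying one password against many accounts (spray pattern).
    events += [(T0 + timedelta(seconds=30 * i), "198.51.100.7", f"user{i}") for i in range(8)]
    # A user mistyping a password twice (benign).
    events += [(T0 + timedelta(minutes=i), "192.0.2.44", "alice") for i in range(2)]
    return events

def classify_sources(events, window=timedelta(minutes=10),
                     brute_min=10, spray_min_accounts=5):
    """Label each source IP whose failures inside a sliding window look like
    brute force (many failures on one account) or password spraying
    (failures spread across many distinct accounts). Thresholds are assumed."""
    by_src = defaultdict(list)
    for ts, src, account in sorted(events):
        by_src[src].append((ts, account))
    findings = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in rows[start:end + 1])
            if len(per_account) >= spray_min_accounts:
                findings[src] = "password_spray"
                break
            if max(per_account.values()) >= brute_min:
                findings[src] = "brute_force"
                break
    return findings

if __name__ == "__main__":
    for src, label in classify_sources(sample_events()).items():
        print(src, label)
```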

Recommendations to protect your data against ransomware

Identity & Authorization

  • Enforce long and complex passwords.
  • Passwords must be set to avoid dictionary words, patterns, or commonly used passwords.
  • Implement a password change cycle and do not allow accounts whose passwords never expire.
  • Enforce Multi Factor Authentication (MFA) at every logon attempt.
  • Consider Phishing Resistant MFA.
  • Integrate MFA for all remote access, internet accessible and business email accounts.
  • Periodically audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
  • Periodically identify unused accounts and delete them.

Network

  • Geofence the network perimeter: whitelist the geographies you operate from and blacklist the rest.
  • House critical infrastructure in a DMZ.
  • Segment networks and disable unused ports.
  • Disable inter VLAN communication or restrict to necessary communication only.
  • Disable any direct external RDP access.

Data Backup & Restoration

  • Maintain offline backups of data.
  • Ensure all backup data is encrypted and immutable (i.e., cannot be altered or deleted).

General Safety Measures

  • Keep all operating systems, software, and firmware up to date.
  • Identify, detect, and investigate abnormal activities and potential lateral movements with an appropriate EDR / XDR tool.
  • Periodically review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
  • Consider adding an email banner to emails received from external organizations or domains.
  • Disable hyperlinks in received emails.

Businesses want employees to be productive and happy, which is part of the reason why organizations across the world have embraced remote and hybrid work.

But businesses also want to protect against cybersecurity risks. And unfortunately, that goal is often at odds with remote and hybrid work.

How can companies square this circle? In other words, how can they ensure that employees have the flexibility to work from anywhere, while also enforcing strong cybersecurity postures?

The answer is desktop virtualization. Virtual desktops deliver the flexibility that businesses need to operationalize remote and hybrid work, while also making it easy for IT teams to protect against the security threats that plague distributed workforces.

Why remote work breeds cybercrime

To understand why, let’s first examine how remote and hybrid work increase the security challenges that businesses face.

According to Verizon’s 2022 Mobile Security Index, nearly 80 percent of respondents report that recent changes to working practices – which include the widespread adoption of remote and hybrid work models – have adversely affected their organizations’ cybersecurity postures.

The main reasons include:

  • Remote work makes it hard to guarantee the physical security of devices that may store sensitive business data. Attackers could steal the devices themselves to exfiltrate private information from the business.
  • Remote devices can’t be protected behind firewalls and VPNs in the same way as devices that are located on-site.
  • IT teams can’t easily monitor, patch and update remote devices in order to stay on top of security threats.
  • Remote devices often connect to business systems through insecure home networks.
  • Employees may inadvertently install malware or vulnerable applications on devices that they use when working remotely, especially if they use the devices for personal reasons in addition to working.

In short, when workers are off-site some or all of the time, it’s simply not possible to deploy the same security protections that work for on-site employees and devices.

How desktop virtualization secures modern workforces

Faced with challenges like these, some business leaders may be tempted to pull the plug on remote work policies and force everyone back in the office.

But that’s not practical in many cases. As the Harvard Business Review points out, businesses gain a variety of benefits from allowing remote and hybrid work – such as reduced real estate costs, higher employee retention rates and even increased profits.

So, instead of abandoning remote work, companies need to find ways to embrace the “new normal” of working without compromising on security. And the obvious solution is desktop virtualization.

Desktop virtualization means replacing conventional desktop computers with virtual desktop sessions hosted on servers inside a business’s data center or a public cloud. Employees can connect to these sessions from anywhere, at any time, so they get all of the flexibility that they need to work remotely.

At the same time, however, desktop virtualization plugs the most serious security gaps associated with remote work. Virtual desktops can be protected with firewalls and operated in such a way that sensitive data never leaves the virtual desktop infrastructure – so it is never at risk of physical security breaches.

In addition, desktop virtualization allows for rigid isolation between employees’ personal computing resources and business resources. Instead of mixing personal apps with business apps, virtual desktops keep business applications isolated inside the virtual desktop environment, so that malware or other threats present on local devices are essentially a non-issue from a business security perspective.

The fact that IT teams can continuously monitor virtual desktops and patch them in real time to address security threats adds yet another layer of protection for remote workers. Businesses don’t need to worry that attackers will take advantage of unmonitored, un-updated remote PCs to gain a beachhead from which they can launch further attacks against a business.

Protecting traditional PCs as well as mobile devices

The security advantages of desktop virtualization apply, by the way, regardless of which types of devices employees use when working remotely. Whether they log in from their own PCs, company-supplied laptops, or even mobile phones, they connect to secure virtual desktop environments.

That means that desktop virtualization gives employees the freedom to connect from any device they choose, while still allowing employers to enforce strong security policies.

Access controls like multifactor authentication, geofencing, and whitelisting of devices secure devices in a hybrid work environment, while network controls like a firewall with IPS and IDS protection further secure corporate data from bad actors.

Desktop virtualization also allows setting of desktop-level controls like Active Directory integration of authentication and Group Policy Objects (GPO)-based restrictions on virtual desktops.

Conclusion

In short, desktop virtualization provides the best of both worlds: The flexibility that employees expect from the “new way of working” and the cybersecurity protections that businesses need to keep critical applications and data secure. For many companies, there’s no going back to the old days of having everyone in the office, all of the time, which is why desktop virtualization has assumed an absolutely vital role in business success.

There’s no denying it. From a security perspective, hybrid work can be a nightmare. From the physical security threats that arise when employees store sensitive data on off-site devices that could be stolen, to the risk of passing data over insecure home networks, businesses with hybrid workforces face a whole host of security challenges that simply didn’t apply when everyone worked from the office.

That’s the bad news. The good news is that Desktop-as-a-Service, or DaaS, can shore up many of the security issues associated with hybrid work. By replacing traditional desktop computers with cloud-based virtual desktops, DaaS removes one of the core risks of hybrid work – insecure PCs – while simultaneously delivering benefits like higher productivity and enhanced workforce scalability.

It’s unsurprising, then, that 64 percent of IT leaders who responded to a recent Citrix survey agreed that DaaS is a “key factor” in their organizations’ approaches to securing hybrid work. The survey also found that improving security for hybrid workforces was the top business benefit that respondents associated with DaaS. Advantages like cost savings and improved business continuity were on the list, too, but they took a back seat to security.

To understand why so many IT leaders see DaaS as a pillar of hybrid work security, let’s look at the major security challenges of hybrid work, and how DaaS addresses them.

Top Security Challenges of Hybrid Work

When businesses embrace hybrid work models – meaning ones in which employees work partly from the office, and partly from remote locations – they inevitably subject themselves to new types of cybersecurity risks.

The specific security challenges of hybrid work will vary depending on factors like which types of systems a business uses and where remote workers are based, but the risks generally fall into three main categories:

  • Data security: It’s harder to secure sensitive information when the information is stored on devices that are not located in the office. The risk of physical security breaches is higher. So is the risk that malware running on a remote worker’s PC could access sensitive business data stored on the PC.
  • Network security: Hybrid workforces can’t be protected with corporate firewalls in the same way that businesses secure traditional workforces. Firewalls simply don’t work when employees need to connect from anywhere and the IP addresses of remote endpoints are constantly changing. Solutions like VPNs can help by encrypting data, but as Forbes notes, they are “not a magic solution that prevents all security threats.” For example, malware running on a compromised remote PC could potentially intercept sensitive network traffic even if the PC connects to business systems over a VPN.
  • Software security: IT teams can’t efficiently enforce security controls through frameworks like Active Directory if devices aren’t constantly connected to the corporate network. As a result, hybrid workers may be able to install applications that introduce malware or other vulnerabilities to the systems they use when working remotely. Compromised applications could, in turn, access sensitive data that passes through employees’ devices.

The list of hybrid work security challenges could go on, but these points capture the essentials.

How DaaS Protects Hybrid Workforces

When businesses ditch conventional desktops and replace them with DaaS, many of the hybrid work security issues described above go out the window. The main reason why is that when employees no longer rely on insecure desktop computers to work remotely, the data, networking and software security issues associated with desktop computers cease to apply.

In a DaaS-based desktop environment, data never physically leaves the data center where virtual desktops are hosted. That means that physical security risks disappear. In addition, because DaaS separates virtual desktop sessions from the systems that employees use to log in, any malware or other vulnerabilities present on remote workers’ local devices remain isolated from the virtual desktop environments that they use for work.

Network security is much stronger under DaaS, too, because all data passing into and out of virtual desktop environments can be encrypted – even if hybrid workers aren’t connected to a VPN. Network data can also be subjected to firewall filters because virtual desktops can have fixed IP addresses, making it possible to deploy many of the same network-level security controls that would be in place on a traditional corporate network.

As for software security, modern DaaS platforms allow IT teams to establish whichever security rules they need to govern which software is allowed to run inside corporate desktop environments. Virtual desktops remain constantly connected to central software security and monitoring systems, regardless of whether employees are logged in or not, or where they connect from.

DaaS – A Pillar of Hybrid Workforce Security

To be sure, stronger end-user security is only one of the many benefits that DaaS delivers. Virtual desktops also provide business advantages like the ability to add desktop sessions quickly when new employees are hired, predictable monthly pricing and a significant reduction in the amount of time and effort required to administer desktop systems.

An added advantage that comes with DaaS is the flexibility it brings to employers and employees alike. While employees have the flexibility to work from anywhere – home or office – it gives employers the flexibility to hire employees even in locations where the organization has no physical presence. Because it removes geographical limitations, DaaS also helps organizations optimize their office space. As for employee experience, less time spent commuting and a proper work-life balance enhance it, resulting in higher productivity.

Arguably, however, DaaS’s ability to secure hybrid workforces is one of the most important reasons why businesses today should embrace cloud-based virtual desktops. In a world where nearly three-quarters of businesses in the U.S. have already pivoted to hybrid work or expect to do so, the security risks associated with hybrid workers who rely on traditional desktops are not going to go away on their own.

But they will disappear for companies that embrace DaaS, which provides a fundamentally more secure means of giving hybrid workers the desktop computing infrastructure and applications they need to be both productive and secure, no matter where they are based.
