Securing Your Workforce In the Rise of New Workplace
Mahmoud Rabi, Cybersecurity Lead
2019-04-13
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
• What has changed
• New Workplace Environment Challenges
• Cybersecurity Before COVID-19
• Cybersecurity During COVID-19
• Threat Actors Motivations
• Attacks Examples
• How can Cisco Help Organizations!
• Cybersecurity Advice
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
[Diagram: HQ, Work From Home, Remote Access (VPN)]
New Workplace Environment Challenges
Challenges
Sudden rise of remote workers
Lack of Strategy for remote workforce
Lack of tools and experience
Limited Bandwidth
Shortage in laptops/devices
Cybersecurity Before COVID-19
Defined Work Environment (workplace, workforce, workload)
Proper Strategy and Controls in place
Remote Workforce (users) was the minority
Swift response to incidents and breaches
Security Controls were the perimeter security
Cybersecurity During COVID-19
Workplace Environment is borderless
No well defined strategy in place
All Workforce is working remotely
Incident control is becoming extremely difficult
Each remote worker is the perimeter now!
Access from uncontrolled devices
Threat Actors Motivation
Window of Opportunity has Increased!
Are threat actors slowing down?
#Attack ratio is increasing
#More uncontrolled devices
#More motivation
#More vulnerabilities
#Weaker security posture
#Slow IR process
… much more
People Thirst for Information
People tend to seek out more information about a crisis, rising risks and anything else that concerns them; that is our nature!
“Threat Actors Understand this Psychology”
More and More Attacks in Action!
Fake Websites
• Weaponized websites
• Outbreak heatmap
• Medical equipment offers (masks)
• Aid kit sales
• COVID-19 themed domain names
Phishing Attacks
• Legit-looking emails addressing concerns
• Emails include attachments
• Emails embedded with links
• Advice from HR or school
More Remote Workers Than Ever
• More vulnerable OS & applications
• Less effective security controls
• Injecting malware into people's browsers
• Lack of strategy and support
The window of opportunity is unprecedented!
Cyber Attacks Examples
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Malware and Phishing Campaign
Talos COVID-19 Blog
https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
Coronavirus Live Update Style Map
corona-virus-map.com
• Used to spread AzorUlt stealing trojan.
• People would be interested to track the outbreak progress
DNS Registration: 2020/02/04 06:20
DNS Queries: 2020/03/11
Subdomain: mx2.corona-virus-map.com
All Cisco Umbrella Customers are instantly protected
Source: https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors
Phishing Attack Emails
• From Address is odd
• Unprofessional phrases
• Short paragraph
• Link or attachment
• Sense of urgency
Phishing email with malicious link about safety measures
Surge in New Domains
Keywords used together with corona, virus, covid for new domains:
• clinics
• lab
• test
• selftestkit
• helpline
• map
Source: https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors
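A defender can turn the keyword list above into a triage check over DNS query logs. The following is an added example, not part of the original deck or any Cisco product; the log format, the sample lines and the function names are constructed assumptions.

```python
import re

# Terms from the slide: theme words and the lure keywords paired with them.
THEME = ("corona", "virus", "covid")
LURES = ("clinics", "lab", "test", "selftestkit", "helpline", "map")
THEME_RE = re.compile("|".join(THEME))

# Constructed sample; assumed format: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2020-03-11T09:14:02Z 10.0.4.17 A mx2.corona-virus-map.com.
2020-03-11T09:14:05Z 10.0.4.22 A www.example.org.
2020-03-11T09:15:40Z 10.0.4.31 A covid19-selftestkit.example.
2020-03-11T09:16:11Z 10.0.4.31 AAAA maps.example.net.
2020-03-11T09:17:53Z 10.0.4.40 A laboratory-supplies.example.
2020-03-11T09:18:20Z 10.0.4.17 A COVID-Helpline.example.
"""

def tokens(qname):
    """Lower-case the name, drop the TLD, split on anything that is not a letter."""
    labels = qname.rstrip(".").lower().split(".")[:-1]
    return [t for t in re.split(r"[^a-z]+", " ".join(labels)) if t]

def classify(qname):
    """Return (theme_hits, lure_hits) for one queried name."""
    themes, lures = set(), set()
    for tok in tokens(qname):
        themes.update(THEME_RE.findall(tok))
        # Residue after removing theme words, e.g. "coronavirusmap" -> "map".
        for rest in THEME_RE.split(tok):
            if rest in LURES:
                lures.add(rest)
    return sorted(themes), sorted(lures)

def flag_queries(log_text):
    """List (client, qname, themes, lures) for names pairing a theme term with a lure."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, _, qname = parts
        themes, lures = classify(qname)
        if themes and lures:
            hits.append((client, qname.rstrip(".").lower(), themes, lures))
    return hits

if __name__ == "__main__":
    for hit in flag_queries(SAMPLE_LOG):
        print(hit)
```

A hit is a triage signal rather than a verdict, since legitimate health sites use the same words; pairing it with domain registration age, as the corona-virus-map.com slide does, narrows the list.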
Mobile Devices Attacks
Android App, COVIDLOCK claims to help users track the spread of the virus
• Threat actor can watch you through your cam
• Listen through microphones
• Download all messages
Stick to Google Play store for any coronavirus related apps
How can Cisco Help Organizations?
© 2020 Cisco and/or its affiliates. All rights reserved.
Cisco Helping Organizations
• Existing customers with some remote workers who require additional increased capacity
• Non-Cisco customers who have not had remote work as part of their internal policy who require new capabilities
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Comprehensive Free Secure Remote Work Solution
Any User, Any Time, Anywhere! - On-Prem and Off-Prem. Valid till July 1st 2020
VPN Infrastructure
• ASA/FTD (FW)
• AnyConnect VPN
Multi Factor Authentication (MFA) and Secure Access to Apps
• DUO (MFA): Verify identity of remote users & remote devices with adaptive policy, posture assessment
• Enforce risk-based and adaptive access policies
Secure Internet Access and Endpoint Security
• Umbrella (DNSSec): Secure access to Internet off-VPN, block attacks and threats
• AMP for Endpoint: Advanced Malware Protection For Endpoints (Windows, MAC, Android, Apple iOS). Endpoint protection. Build Zero-Trust model by integrating with Duo MFA
Natively integrated secure remote worker solution
Security, Connectivity
• Cisco AnyConnect/VPN
• Cisco Umbrella (DNS Security)
• Cisco Duo (Device trust and security posture) and AMP for Endpoint – Zero-Trust
Free remote worker security
• Cisco Umbrella Offer – 90-day trial offer: First line of defense against threats on the internet wherever users go.
• Cisco Duo Offer* – 90-day trial offer: Verify the identity of all users before granting access to corporate applications.
• Cisco AnyConnect Offer – 90-day trial offer: Enable secure access to the enterprise network for any user, from any device, at any time, in any location. (Head-end VPN termination required).
• These security offers are available now through 1 July 2020.
* Please contact Cisco sales rep after 30 days.
Remote Workforce Advice!
Advice to Work Remotely Securely!
Raise Security Awareness for Employees
Sanity Checks before “Clicking”, avoid fake news…
Implement Security Controls Beyond VPN and AV i.e. MFA, Endpoint Protection, DNS security, Domain Protection, Advanced Phishing Protection…
Leverage NIST SP 800-46 Enterprise Framework Guide for teleworking and remote access
A good incident plan is better than a perfect plan
Avoid misinformation about COVID-19 (infodemic): https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-46r2.pdf
Thank you
Stay safe and secure!