Recent hacks have prompted Canada’s cybersecurity monitor to warn IT administrators to immediately patch critical infrastructure and implement two-factor authentication (2FA) where possible.
The general alert issued on Tuesday by the Canadian Centre for Cyber Security, the federal government agency that advises the private and public sectors, doesn’t name specific incidents. Instead, it points to previously published warnings about attacks on virtual private networks — which are increasingly being used by organizations making employees work from home due to the COVID-19 crisis — and to a March alert on patching a vulnerability in several versions of Microsoft Exchange Server.
More recently the centre, along with the U.S. and U.K., warned that nation-states are targeting universities and pharmaceutical companies conducting COVID-19 vaccine research.
“In recent months, the Cyber Centre has been made aware of several compromises of computer networks in Canada,” Tuesday’s alert says. “The compromises took advantage of vulnerable, less secure implementations of remote access services. In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version.
“The malicious activities were reported to the Cyber Centre in June and July 2020. Incidents included intensive reconnaissance-style scanning of target networks, followed by the successful compromise of vulnerable and improperly secured servers and network access devices. In some instances, malware was installed, and compromised infrastructure may have been used in attempts to compromise different networks and/or other organizations. Threat actors may have remained active on compromised networks for a period of months before their activities were detected.”
The alert pointedly notes that the centre has already published many advisories and alerts on the dangers of hacking through weakly-protected remote services.
As far back as April, security vendor Kaspersky was also warning that generic brute force attacks on computers and servers allowing access through Microsoft’s remote desktop protocol were skyrocketing.
“The Cyber Centre is urging Canadian organizations to apply all security updates to their internet-facing services and enable 2FA for all remote access accounts,” says the latest federal alert. “Organizations failing to apply security updates in a timely manner and not using 2FA are exposing themselves to compromises such as information theft and ransomware.”
The centre urges admins to:
- Assess their networks for the presence of vulnerable software, particularly where it is installed on devices exposed to the internet, and patch as soon as possible to the latest version;
- Implement 2FA on all internet-facing remote access services, starting with perimeter security devices such as firewalls and remote access gateways for teleworkers and administrators;
- Consider measures to limit the amount of sensitive information that malicious actors can collect about their networks by:
  - Using open source tools to scan their networks for unnecessary or inadequately secured open ports.
  - Implementing an intrusion protection system to reduce the effectiveness of malicious vulnerability scanning activities.
  - Configuring internet-facing web servers with minimalist error pages that don’t leak product and version information.
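
An added example, not part of the Cyber Centre alert or the original article: a small Python check for the last recommendation, which looks through a raw HTTP response for product and version banners in headers and in the error-page body. The header list, the regex and both sample responses (including the version strings) are constructed for illustration.

```python
import re

# Response headers that commonly disclose product or version details (illustrative list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# A product name followed by a dotted version, e.g. "Apache/2.4.41".
VERSION_RE = re.compile(r"\b([A-Za-z][\w.+-]*)[/ ]v?(\d+(?:\.\d+)+)\b")


def find_version_leaks(raw_response: str) -> list:
    """Return (location, leaked text) pairs found in one raw HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name not in DISCLOSING_HEADERS:
            continue
        # Choice made here: a bare "Server: nginx" is tolerated, a versioned one is not.
        if name != "server" or VERSION_RE.search(value):
            findings.append((f"header:{name}", value))
    # Default error pages often repeat the banner in the page footer.
    text = re.sub(r"<[^>]+>", " ", body)
    for match in VERSION_RE.finditer(text):
        findings.append(("body", match.group(0)))
    return findings


# Constructed sample: a default 404 page that leaks product and version details.
LEAKY_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1><hr>"
    "<address>Apache/2.4.41 (Ubuntu) Server at intranet.example.test Port 443</address>"
    "</body></html>"
)

# Constructed sample: the same error served with a minimalist page.
HARDENED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)

if __name__ == "__main__":
    for location, leaked in find_version_leaks(LEAKY_RESPONSE):
        print(f"{location}: {leaked}")
```

Feed it responses captured from your own internet-facing servers for error paths (404, 403, 500); an empty result means the page and headers carry no versioned banner that this pattern recognises.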