No matter what method of remote access your organization utilizes, it’s created and supported by a third-party vendor. That makes the vendor (and Remote Access solution) part of your supply chain – which should be a concern within the context of your organization’s cybersecurity stance. Cybercriminals are looking for exploits in the software supply chain now more than ever, with dark web posts offering millions of dollars for zero-day exploits.
Recent industry data agrees that:
- The supply chain was responsible for 62% of System Intrusion data breach incidents
- Vulnerability exploitation was the top infection vector in 34% of cyberattacks
- The primary infection vector in 64% of successful ransomware attacks in the last 24 months was third-party supply chain compromise
The MITRE ATT&CK Framework defines an exploit as “a software vulnerability to take advantage of a programming error in a program, service, or within the operating system software or the kernel itself.” The framework cites the use of exploits for a number of malicious reasons in Enterprise environments:
- Privilege Escalation (MITRE Technique T1068)
- Client Execution (MITRE Technique T1203)
- Defense Evasion (MITRE Technique T1211)
- Credential Access (MITRE Technique T1212)
Remote Access is so important to cybercriminals that MITRE mentions the malicious use of “remote services” a number of times within the Framework (as demonstrated above), including the specific exploitation of solutions providing remote access for lateral movement (Exploitation of Remote Services T1210).
So, it becomes somewhat evident that solutions providing Remote Access functionality should be a bit more important to the security of your software supply chain. Sure, every piece of software in your supply chain is important to secure. But taking MITRE’s lead, any “remote services” are already a focus for cybercriminals and, therefore, present a higher degree of risk, requiring you to ensure your Remote Access solution is secure.
There are two high-level concerns you should be reviewing to ensure your Remote Access solution is secure. One revolves around the security state of the solution itself, and the other has to do with how the solution is used.
Your Remote Access Solution Should Be Invulnerable
It’s a tall order, as zero-day exploits conceptually exist. But continually striving to reach the goal of keeping your Remote Access solutions as invulnerable to attacks as possible is key. This starts with keeping any solution that is part of your software supply chain continually updated.
Many cybersecurity standards, cyber insurance requirements, and regulatory frameworks are adding the need for organizations like yours to consider, assess, and manage any supply chain risk that may exist. So, it also becomes important to ask your Remote Access vendor about the current security state of their solution, its architecture, services, executables, etc.
Credible external validation of your vendor’s security provides substantial evidence for any claim that a Remote Access solution is secure. For example, RealVNC recently underwent an external security audit of their solution by security analysis vendor Cure53. The analysis included both white-box penetration testing and an audit of the source code, and it covered all solution clients, applications, servers, and related backend APIs.
This is a great example of not just a vendor establishing their solution is secure, but also of the kind of documentation that is helpful in circumstances where your organization needs to demonstrate low or no risk in the software supply chain.
Your Remote Access Authentication Should Also Be Secure
It’s important to truly know the solutions your organization relies on are secure, but it’s just as critical to know that the way you use your Remote Access solution reduces the attack surface available to threat actors. There are a number of specific threat techniques used to take advantage of Remote Access services already in place. In most of these cases, the threat actor either has a compromised set of credentials in their possession or is using a password spraying technique to guess the password of a given credential.
To counteract this, the use of your Remote Access solution should include secure authentication that looks beyond simple username-password combinations. Integration with external directory services (such as Active Directory and cloud-based identity stores) is a good starting point and can help ensure complex passwords that are difficult to guess are used via password policies. The use of multi-factor authentication is probably the most important, as it mitigates attacks via Remote Access regardless of whether the credentials are compromised or if password spraying is used. It’s also important to note here that this use of MFA is important regardless of whether the Remote Access is exposed to the Internet or used internally, as threat actors use each for different purposes during a cyberattack.
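As an added illustration (not code from the original article or from any vendor), the sketch below shows how a defender might spot password spraying in Remote Access authentication logs and then list successful logins from the same source that completed without a second factor. The log format, field names, thresholds, and sample events are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed format:
# "ISO-time source-ip username result mfa-method"
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL -
2024-05-01T09:00:03 203.0.113.7 bob FAIL -
2024-05-01T09:00:05 203.0.113.7 carol FAIL -
2024-05-01T09:00:07 203.0.113.7 dave FAIL -
2024-05-01T09:00:09 203.0.113.7 erin OK none
2024-05-01T09:02:00 198.51.100.4 frank FAIL -
2024-05-01T09:02:20 198.51.100.4 frank OK totp
2024-05-01T11:30:00 203.0.113.7 alice FAIL -
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, result, mfa = line.split()
        yield datetime.fromisoformat(ts), ip, user, result, mfa

def find_spraying(log, window=timedelta(minutes=10), min_users=4):
    """Return {source_ip: sorted usernames} for sources that fail against
    at least min_users distinct accounts within one sliding window."""
    fails = defaultdict(list)
    for ts, ip, user, result, _ in parse(log):
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

def logins_without_mfa(log, sources):
    """Successful single-factor logins from flagged sources: the accounts
    to reset and investigate first."""
    return [(ip, user) for _, ip, user, result, mfa in parse(log)
            if result == "OK" and mfa == "none" and ip in sources]

if __name__ == "__main__":
    sprayers = find_spraying(SAMPLE_LOG)
    print("spraying sources:", sprayers)
    print("single-factor successes:", logins_without_mfa(SAMPLE_LOG, sprayers))
```

A single user mistyping a password (frank in the sample) is not flagged, because the signal is many distinct accounts from one source, not many failures on one account.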
Remote Access Security Can Determine Organizational Security
With Remote Access connecting users directly to internal resources, a vulnerable Remote Access solution can be the sole difference between a secure and insecure environment. So, it’s critical that organizations assess the risk a Remote Access solution introduces. Whether it’s due to the potential security state of the solution itself, or how that solution is configured to be used, any increased risk to the organization must be identified and mitigated.
By verifying that your Remote Access solution has been externally validated as being secure from both a code review and penetration testing perspective, you effectively minimize the software supply chain risk your chosen solution poses. And by introducing secure authentication – specifically multi-factor authentication – you, at a minimum, make it incredibly difficult for Remote Access to be used for nefarious purposes, if not stop such use completely.
Remote Access will continue to be a necessity for organizations. But so will threat actors and cybercriminal groups that assume you have some form of Remote Access in place and are looking to take advantage of it. By looking to ensure your Remote Access solution is secure, you minimize the threat surface that Remote Access inherently introduces for both externally and internally facing remote services.