4 Common Ways Attackers can Access a Desktop
Having access to one of your business computers is an attacker’s dream. They not only have access to the desktop’s resources, but they have full access to anything the local user has access to, which is usually corporate files and data. Attackers have several ways to gain access to a corporate machine, and here are four methods you should be aware of so that you can take steps to defend against them.
1) Phishing for Network Credentials
Most people know what a phishing email is, but they don’t know what one looks like. Would you be able to tell a phishing email from a legitimate message? Attackers bank on the recipient’s inability to see the red flags associated with phishing emails.
Some attackers perform heavy research and send phishing emails to specific executives within the organization. They trick them into divulging network credentials, and then it’s game over. The attacker can log in with official credentials, and then use them to send emails and make requests, usually with monetary consequences. In May 2016, an investment firm lost $495,000 from a successful phishing attack.
2) Malicious Macros and Remote Desktop Control
Several thousand people in Ukraine lost power when an attacker was able to remotely control an internal machine. An attacker can do this in several ways, but one of the most common is to trick people into running macros in an attached document. The macro silently downloads malware that gives the attacker remote access to the local machine.
The only way to protect your local network is to educate users. Don’t run macros on a machine unless you are certain that the document is safe and came from another employee.
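As an added example (not part of the original article), user education can be backed by a check of process-creation logs for the pattern described above: an Office application that opened a document and then started a shell or script host. It generalizes slightly by following the whole process tree rather than only direct children. The field names follow Sysmon Event ID 1; the process lists, function names and sample events are assumptions constructed for illustration.

```python
import ntpath

# Office applications that open macro-enabled attachments.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts and shells a document editor rarely has a reason to launch.
SUSPECT = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def image_name(path):
    """Lower-cased file name of a Windows path, parsed the same on any OS."""
    return ntpath.basename(path or "").lower()

def flag_office_descendants(events):
    """Return alerts for suspect processes descended from an Office process.

    events: process-creation records in time order, each with ProcessId,
    ParentProcessId, Image and CommandLine (field names follow Sysmon
    Event ID 1; the records themselves are constructed for this example).
    """
    office_root = {}   # pid -> image name of the Office ancestor
    alerts = []
    for ev in events:
        pid, ppid = ev["ProcessId"], ev["ParentProcessId"]
        name = image_name(ev["Image"])
        office_root.pop(pid, None)  # PID reuse: forget stale ancestry
        if name in OFFICE:
            office_root[pid] = name
        elif ppid in office_root:
            office_root[pid] = office_root[ppid]  # inherit the Office ancestor
            if name in SUSPECT:
                alerts.append({"office_app": office_root[pid], "child": name,
                               "pid": pid, "command_line": ev["CommandLine"]})
    return alerts

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 4, "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "CommandLine": 'WINWORD.EXE "invoice.docm"'},
    {"ProcessId": 300, "ParentProcessId": 200, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c <constructed placeholder>"},
    {"ProcessId": 400, "ParentProcessId": 300, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell.exe <constructed placeholder>"},
    {"ProcessId": 500, "ParentProcessId": 100, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for alert in flag_office_descendants(SAMPLE_EVENTS):
        print(alert)
```

The shell started from the desktop (PID 500) is not flagged, while the shell and the script host that descend from the document editor are.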
3) Tailgating – Physical Access to Your Network
“Tailgating” or “piggybacking” is a way for an attacker to gain physical access to local machines. Many organizations have a badge security system on each entryway. Employees swipe their badge for the door to open. You’ve probably seen an employee allow another employee into the building as a courtesy, just like holding the door open for another person.
While it seems like a harmless courtesy, it’s the perfect way for an attacker to gain physical access to the local premises. From there, any unlocked machine can be a vector for the attacker to steal data. The best way to defend against this attack is to require users to lock their desktops and never leave a secure door open for anyone.
4) Insider Threats
It’s hard to imagine, but insider threats are a leading cause of data theft. Insider threats are responsible for 43% of data breaches, according to an Intel report. Because employees are given trusted access to your data, it’s one of the most difficult attacks to defend against. You need your employees to have unfettered access for them to get work done, but you need to have the right security in place to avoid these attacks.
The best way to approach insider threat security is to set access based on a “need to know” policy. If the employee doesn’t need access for some kind of work function, then you shouldn’t give them access.
User Education is Key
The best defense is to keep your users educated. Once you’ve educated your users, take precautions in ways that protect your network without interfering with their productivity. Antivirus software and firewalls are just a given in any network design, but you have several other options available to you.
GateKeeper is one of those options. GateKeeper locks your users’ desktops when they walk away from them. This protects you from tailgating and any insider threats where a user accesses a desktop under another user’s credentials. It stops these attackers in their tracks, so they are unable to steal data from an unsupervised machine.