COVID-19 Roundup: Channel Securing Remote Workers

Written by Edward Gately
April 2, 2020

Secureworks is helping organizations cope with business disruption and remote workforce expansion.

… keep services up for a dramatically increased remote workforce. Positive Technologies‘ analysis of real attacks against mobile network operators (MNOs) and subscribers shows on average there are more than 1,400 attempts on subscriber location tracking daily.

Eighty-six percent of networks are vulnerable to traffic interception where criminals can steal one-time passwords and account credentials. In addition, nearly 100% of networks are vulnerable to spoofing and impersonation, techniques that are used together with social engineering to commit fraud.

Michael Downs, Positive Technologies’ managing director of U.K. and EMEA, tells us MNOs have generally become more vulnerable to cyberattacks over the last three years, which means that their customers also are more vulnerable by extension. Cybercriminals constantly are evolving their hacking techniques at a faster pace than MNOs are deploying new protection measures, he said.

Sign up for Channel Futures’ new EMEA newsletter, where we feature news and analysis involving companies based in Europe, the Middle East and Africa, as well as those doing business in that region.

Positive Technologies’ Michael Downs

“Security must be a priority during network design,” he said. “This is truer now than ever, as operators are tasked with keeping services running during the pandemic, and also as they begin to tackle construction of 5G networks. Attempts to implement security as an afterthought at later stages may cost much more. Operators will likely need to purchase additional equipment, at best. At worst, operators may be stuck with long-term security vulnerabilities that cannot be fixed later.”

Signaling attacks cause denial of service for customers. They also enable outsiders to track subscriber location, intercept text messages and obtain sensitive subscriber information, Downs said.

“These vulnerabilities have already been leveraged to criminally obtain access to bank accounts of network subscribers,” Downs said. “In some cases, attackers can also downgrade users to insecure 3G networks. Today, mobile operators do not have the resources and operator equipment to perform a deep dive analysis of traffic, which makes it difficult for them to be able to distinguish between fake and legitimate subscribers.”

Positive Technologies’ analysis of mobile networks has observed a low standard of security even in cases where expensive solutions had been implemented to filter signaling traffic.

“This speaks to the fact that a systematic approach to security has not been taken,” Downs said. “Proper network security is impossible without an understanding of both the relevant security threats and the holistic approach needed to resolve them.”

Lending a Hand

Other channel companies pitching in during the pandemic include:

Email security provider Vade Secure‘s new Current Events feature provides MSPs and administrators with increased visibility into all email traffic. This happens during a surge in all types of email communication, both legitimate and malicious.
Darktrace has made its full suite of solutions available for virtual deployment in direct response to the rise of remote working. Remote-working security teams can access cyber AI, letting them realize meaningful results in a matter of days.
HPE announced new virtual desktop interface (VDI) solutions for a number of its products to support remote workers. It also is offering customers flexible purchasing options to lower financial risk.