Cloud Threats Memo: Continuing Trends in Risks to Remote Working

After a Summer break, our Cloud Threats Memo is back!

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have recently published a joint advisory providing details on the top 30 vulnerabilities routinely exploited by malicious cyber actors in 2020 and those widely exploited in 2021 so far. The findings are not particularly surprising for us, in a previous memo we already illustrated the risks of the shift to remote working deriving from the unprecedented wave of severe vulnerabilities that have hit traditional remote access technologies, and this advisory just confirms the same figures: the top three routinely exploited vulnerabilities according to the CISA, the ACSC, the NCSC, and the FBI concern traditional remote access technologies. Along with three VPN technologies, the list contains a number of internet-facing technologies (application servers and load balancers) that have been regularly exploited by criminals.

Table showing the top routinely exploited CVEs in 2020, as detailed in the AA21-209A alert — Top Routinely Exploited CVEs in 2020 as detailed in the AA21-209A alert

Unsurprisingly this trend is continuing in 2021.

Providing access to a corporate network, these vulnerabilities can be equally exploited by ransomware gangs and APT actors. Additionally, some of them date back more than three years, so the systematic exploitation of these vulnerabilities has allowed the so-called initial access brokers to accumulate a trove of compromised credentials that they then outsource to cybercriminals or state-sponsored actors.

Providing a Zero Trust alternative to remote access technologies and exposed services.

Netskope Private Access allows you to publish resources in a simple and secure manner providing a Zero Trust alternative to legacy remote access technologies and preventing the direct exposure of services like SMB, RDP, SSH, or even on-prem Exchange and Sharepoint. It is possible to publish and segment virtually any application located in a local data center, as well as in a private or public cloud, without opening any inbound service that can be probed by threat actors. There is also no need for any on-prem hardware device to install, patch, and maintain, which avoids scalability issues and performance bottlenecks. Finally, a check on the security posture of the endpoint is enforced before accessing the target application. A smarter and more secure way to provide remote connectivity in the “new normal.”

Stay Safe!

Paolo Passeri

Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.

More Articles by Paolo Passeri

card shape

Cloud Threats Memo: A Parasite Exploiting Legitimate Cloud Services

By Paolo Passeri

card shape

Five Threats Predictions To Note For 2024

By Netskope Staff

card shape

Netskope Threat Labs Stats for October 2023

By Leandro Fróes

Stay informed!

Subscribe for the latest from the Netskope Blog