Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game – 10 minute mail

Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too

The COVID-19 pandemic has radically changed the nature of everyday work, forcing employees to do large parts of their jobs via remote access. Cybercriminals – especially ransomware operators – are aware of the shift and attempt to exploit the new opportunities and increase their illicit earnings. ESET telemetry confirms this trend in an uptick in the number of unique clients who reported brute-force attack attempts blocked via ESET’s network attack detection technology.

Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus pandemic has brought a major shift to the status quo. Today, a huge proportion of “office” work occurs via home devices with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP) – a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers.

Despite the increasing importance of RDP (as well as other remote access services), organizations often neglect its settings and protection. Employees use easy-to-guess passwords and with no additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.

That is probably also the reason why RDP has become such a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals typically brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions and then run ransomware to encrypt crucial company data.

The growing number of unique clients who have reported an RDP attack attempt is visible in data gathered by ESET telemetry (see Figure 1).

Figure 1. Trend of RDP attack attempts against unique clients (per day), detected by ESET technologies

Brute-force attack protection

To address the growing risks posed by increasing RDP use, ESET researchers have devised a new detection layer that is hidden under the hood of ESET Network Attack Protection and is designed to block incoming brute-force attacks from external IP addresses, covering RDP as well as SMB protocols.

Called ESET Brute-Force Attack Protection, this new layer detects groups of failed login attempts from external environments, which hint at an incoming brute-force attack, and then blocks further attempts. Subsequently, the biggest offenders among these IP addresses are added to a blacklist, which protects millions of devices from future attacks.

The new technology has proven to be effective against both random and targeted attacks. For it to work properly, the RDP option Network Level Authentication (NLA) must be enabled on the server.
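The failed-login grouping described above can be sketched as a sliding-window counter per external source IP. This is an added example, not ESET's code: the threshold, window, internal ranges and the one-line log format are assumptions, with 4625 and 4624 standing for the Windows failed and successful logon events.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed tuning values; the page does not publish the product's thresholds.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

# Addresses inside these ranges are treated as internal and ignored,
# because the layer described above only looks at external sources.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Logon types seen for RDP: 10 (RemoteInteractive) and 3 (Network),
# the latter being what failed logons typically show when NLA is enabled.
REMOTE_LOGON_TYPES = (3, 10)
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624

# Constructed sample, simplified to "timestamp event_id logon_type user source_ip".
# Real Security events are structured records; export them to this shape first.
SAMPLE_LOG = """\
2020-05-11T09:00:00 4625 3 administrator 203.0.113.7
2020-05-11T09:00:04 4625 3 admin 203.0.113.7
2020-05-11T09:00:09 4625 3 backup 203.0.113.7
2020-05-11T09:00:15 4625 3 administrator 203.0.113.7
2020-05-11T09:00:21 4625 3 administrator 203.0.113.7
2020-05-11T09:00:26 4625 3 administrator 203.0.113.7
2020-05-11T09:03:40 4624 10 administrator 203.0.113.7
2020-05-11T09:10:00 4625 3 jsmith 198.51.100.20
2020-05-11T09:21:00 4625 3 jsmith 198.51.100.20
2020-05-11T09:21:30 4624 10 jsmith 198.51.100.20
2020-05-11T09:30:00 4625 3 svc 192.168.1.50
2020-05-11T09:30:02 4625 3 svc 192.168.1.50
2020-05-11T09:30:04 4625 3 svc 192.168.1.50
2020-05-11T09:30:06 4625 3 svc 192.168.1.50
2020-05-11T09:30:08 4625 3 svc 192.168.1.50
2020-05-11T09:40:00 4625 3 admin 198.51.100.99
2020-05-11T09:41:10 4625 3 admin 198.51.100.99
2020-05-11T09:42:20 4625 3 admin 198.51.100.99
2020-05-11T09:43:30 4625 3 admin 198.51.100.99
2020-05-11T09:44:40 4625 3 admin 198.51.100.99
"""


def is_external(addr):
    """True when the address is outside every configured internal range."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def parse(line):
    """Split one constructed log line into typed fields."""
    ts, event_id, logon_type, user, src = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), user, src


def detect(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {source_ip: details} for external IPs that exceed the threshold.

    Once an IP is flagged, later failures are counted as attempts a block
    would have stopped, and any later successful logon is recorded because
    it may mean the guessing worked and needs investigation.
    """
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # per-IP failures still inside the window
    report = {}
    for ts, event_id, logon_type, user, src in events:
        if logon_type not in REMOTE_LOGON_TYPES or not is_external(src):
            continue
        entry = report.get(src)
        if event_id == SUCCESSFUL_LOGON:
            if entry is not None:
                entry["logon_after_block"].append((ts, user))
            continue
        if event_id != FAILED_LOGON:
            continue
        if entry is not None:
            entry["blocked_attempts"] += 1
            entry["users"].add(user)
            continue
        failures = recent[src]
        failures.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            report[src] = {
                "blocked_at": ts,
                "users": {u for _, u in failures},
                "blocked_attempts": 0,
                "logon_after_block": [],
            }
    return report


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

In the sample, the slow guesser at 198.51.100.99 and the user who mistyped twice stay under the threshold, which shows the trade-off the window and count settings control.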

According to ESET telemetry, most of the blocked IPs in January–May 2020 were seen in the United States, China, Russia, Germany and France (see Figure 2).

Figure 2. Countries with the largest number of all blocked IP addresses (between Jan 1 and May 31, 2020).

Countries that had the largest proportion of targeted IPs were Russia, Germany, Japan, Brazil and Hungary (see Figure 3).

Figure 3. Countries with the most brute-force attacks reported by ESET telemetry (between Jan 1 and May 31, 2020).

How to configure remote access correctly

Yet, even with protective measures such as ESET Brute-Force Attack Protection, organizations need to keep their remote access properly configured:

  • Disable internet-facing RDP. If that is not possible, minimize the number of users allowed to connect directly to the organization’s servers over the internet.
  • Require strong and complex passwords for all accounts that can be logged into via RDP.
  • Use an additional layer of authentication (MFA/2FA).
  • Install a virtual private network (VPN) gateway to broker all RDP connections from outside your local network.
  • At the perimeter firewall, disallow external connections to local machines on port 3389 (TCP/UDP) or any other RDP port.
  • Protect your endpoint security software from tampering or uninstallation by password-protecting its settings.
  • Isolate any insecure or outdated computers that need to be accessed from the internet using RDP and replace them as soon as possible.
  • For a detailed description of how to set up your RDP connection correctly, please refer to this article by ESET Distinguished Researcher Aryeh Goretsky.
  • Most of these best practices apply to FTP, SMB, SSH, SQL, TeamViewer, VNC and other services as well.

Ransomware, coin miners and backdoors

Encryption of data and subsequent extortion is in no way the only scenario that could follow an RDP compromise. Frequently the attackers try to install coin-mining malware or create a backdoor, which can be used in case their unauthorized RDP access has been identified and closed.

Other common scenarios following an RDP compromise can include:

  • clearing of log files, thus removing the evidence of previous malicious activity,
  • downloading and running the attacker’s choice of tools and malware on the compromised system,
  • disabling of scheduled backups and shadow copies or completely erasing them, or
  • exfiltrating data from the server.

Black hats have been trying to exploit RDP for years, as documented by our blogpost from 2013. Steadily growing numbers of RDP attacks over the past few years have become the subject of numerous governmental advisories including the FBI, the UK’s NCSC and Australia’s ACSC.

This only demonstrates how crucial the security of remote access has become, potentially making or breaking a company’s future. And even if the damage to an organization’s reputation can be managed, there are financial losses, stalled operations and expensive recovery efforts that need to be accounted for. This doesn’t consider the additional costs of potential penalties that can be issued by authorities under data-protective legislation such as GDPR (EU), CCPA (California) or NDB (Australia).

Whether or not there’s a pandemic, businesses should manage the risks posed by wide usage of RDP or other similar services by reinforcing their passwords and by adding other protective layers, including multi-factor authentication and a security solution that defends against attacks based on RDP and similar protocols.



Ondrej Kubovič


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Majority of new remote employees use their personal laptops for work – 10 minute mail

And many of them didn’t receive any new security training or tools from their employer to properly secure the devices, a study finds

With the COVID-19 pandemic surging around the world, many companies have had to switch to a work-from-home policy to keep their employees safe. The rush to remote work didn’t come without risks; an IBM survey found that newly-minted remote workers actually present a significant cybersecurity risk – however, they may not be to blame.

Surveying more than 2,000 United States-based employees newly working from home, IBM found that even though eight in ten respondents were confident in their company’s ability to handle cyberthreats stemming from remote work, nearly half didn’t receive any additional cybersecurity training since going remote.

That’s a worrying state of affairs, since underestimating proper cybersecurity training for employees can eventually backfire. ESET Chief Security Evangelist Tony Anscombe described the problem succinctly in his article on the COVID-19-powered shift to remote work: “Don’t assume that all employees can switch to remote working effectively and with little assistance or guidance. Home is not the office and they may need significant assistance to adapt.”

The switch has also impacted the way companies go about conducting their daily activities, including meetings. “The rapid shift to working from home has also changed the ways many organizations do business from moving face-to-face meetings to video conferencing calls to adding new collaboration tools—yet the survey showed many employees are lacking guidance, direction, and policies,” said IBM in a press release.

Over half of the respondents said they participate in one to five videoconference calls per week, with an additional 20% saying that they participate in six to ten such meetings per week. Yet over half of them said that their employer had not introduced new cybersecurity policies around videoconferencing or that they were unsure of any.

While conducting meetings over videoconference calls adheres to social distancing rules and keeps everyone safe, from the virus at least, there should be policies and rules in place to keep the calls safe as well. Topics discussed over conference calls may vary and can include a whole range of confidential information and may even necessitate file transfers, so you want to prevent intruders from getting unauthorized access. Therefore, there are several things you should consider before hopping on a conference call, including making sure that no sensitive information is visible on camera and that your call is secured by a password and, ideally, end-to-end encrypted. You can read up on all our recommendations on secure videoconferencing while working from home.

Since we’ve already mentioned encryption, we’d be remiss in omitting another important step towards keeping your work data secure – a virtual private network (VPN). It allows you to encrypt your internet traffic and provides you with access to data you would be only able to access on your company’s network. Most companies usually set up the connection between the main office and your remote workspace through their IT department, however if your company doesn’t have an IT department, you can do it yourself and it is worth the added sense of security.

Although IBM’s survey may call into question the approach companies take to working-from-home cybersecurity practices, it is worth noting that everything had to be done on the fly, since nobody could have planned for the pandemic. Although that is no excuse, companies can patch up the holes in their security by arranging for proper security training for their employees, providing secure remote access, as well as adding an extra layer of security using multi-factor authentication.




Amer Owaida



App Recap: Pastel, Punkt, Remote Control for Mac and Major App Updates

In this week’s App Recap, we’ve highlighted utility app “Pastel,” health app “Punkt,” and utility app “Remote Control for Mac/PC Pro” as three apps that are worth checking out. We’ve also compiled a list of apps that received major updates this week.


Apps to Check Out

  • Pastel (iOS, Free) – Pastel, an app marketed for developers and artists, allows for the creation of color palettes for use in various projects. Pastel includes diverse color selector options such as a color wheel, RGB sliders, crayons, and even the ability to import specific colors from a photo. In addition, the app allows users to copy a bitmap representation of a palette for use in a pixel editor. The free version of Pastel allows users to add up to 20 palettes in their library, and users looking to upgrade to the full version that includes an unlimited number of palettes can opt for a single in-app purchase of $4.99.
  • Punkt: One-Sentence Journal (iOS, Free) – With its streamlined interface, Punkt makes day-to-day journaling very straightforward and intuitive. When crafting a story, users simply add a single sentence. Additionally, users have the ability to select from a list of feelings and reasons, enter a specific location, and add photos to bring the story to life. Every story is saved on both the device and in iCloud, and users looking for more protection can protect stories with either Face ID or Touch ID. Although the app is free to download, adding photos and creating an unlimited number of stories per day is limited to those with a premium subscription. Punkt offers a range of monthly subscriptions in which users can choose to contribute a certain amount per month, an annual subscription, and a lifetime membership, which are priced at $0.99-$2.49, $6.49, and $13.99 respectively.
  • Remote Control for Mac/PC Pro (iOS, $6.99) – Remote Control seamlessly pairs to a Mac client app that introduces efficient productivity methods for users. Users are able to control volume, playback, and AirPlay mirroring directly from an iOS device. Additionally, the app can morph into a trackpad for a Mac, control any app, launch and quit apps, and more. All of Remote Control’s features are included with its purchase price, so no extra in-app purchases are present. In addition to the paid version, Remote Control’s developer has also released a free version of the app that contains ads and all of the pro version’s features without keyboard and trackpad input and basic system media controls.

App Updates

  • Darkroom: Photo & Video Editor – Popular editing app Darkroom was updated this week with the ability to manage albums within the app. In the library that’s located within the Darkroom app, users now have the ability to create, rename, and delete albums. Any changes made within Darkroom will be reflected in the device’s native photo library.

  • Spike (iOS) – Collaborative email app Spike this week announced a major update that gives users the ability to manage tasks, create notes, and collaborate on documents in real-time without the need to leave the app. The new tasks feature allows users to seamlessly set reminders and set to-dos, which can help enhance day-to-day productivity. Spike has also added the ability to sync notes and tasks across all devices signed into the same account.
  • Phone Buddy Notifier for Watch (iOS) – Phone Buddy, an Apple Watch app that alerts users when the Bluetooth connection with a paired iPhone is lost, was updated recently with several new features. The Distance Alerts feature was updated with a new customizable distance threshold for signal strength and time. In addition, the iPhone app was updated with a streamlined interface, and it’s now possible to manage all alerts directly on the Apple Watch companion app.

Know of a great new app that we’ve missed? Let us know in the comments and we’ll check it out for next week’s App Recap.


This article, “App Recap: Pastel, Punkt, Remote Control for Mac and Major App Updates” first appeared on MacRumors.com




Quasar RAT – Windows Remote Administration Tool – 10 minute mail

Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring.


It aims to provide high stability and an easy-to-use user interface and is a free, open source tool.

Features of Quasar RAT Windows Remote Administration Tool

The main features that can be found in Quasar are:

  • TCP network stream (IPv4 & IPv6 support)
  • Fast network serialization (Protocol Buffers)
  • Compressed (QuickLZ) & Encrypted (TLS) communication
  • UPnP Support
  • Task Manager
  • File Manager
  • Startup Manager
  • Remote Desktop
  • Remote Shell
  • Remote Execution
  • System Information
  • Registry Editor
  • System Power Commands (Restart, Shutdown, Standby)
  • Keylogger (Unicode Support)
  • Reverse Proxy (SOCKS5)
  • Password Recovery (Common Browsers and FTP Clients)

Using Quasar Windows Remote Administration Tool

1. Download Quasar

Most users want the stable version of Quasar, which can be found on the releases page. Bleeding-edge versions with the latest features, improvements and bug fixes are located at the CI server. These builds should be used with caution as they may contain critical bugs.

2. Building a Client

After starting Quasar.exe for the first time, you will need to build a client for deployment. Use the button Builder at the top of the Quasar application to start the client configuration. After configuring the client for your needs, click the Build button and choose a location to save the built client.

3. Connecting the Server and Client

The standalone client from the previous step has to be deployed on the computers of the users. Simply executing the client on the computers is enough. The client will take care of the installation, startup, etc… Once installed the client will try to connect to your Server on the specified host-name and port. It might be necessary to set up port forwarding to your local Server if it is behind a firewall in your network. You can use automatic forwarding with UPnP in the settings if it’s being supported by your firewall/router.

You can download Quasar here:

Quasar.v1.3.0.0.zip

Or read more here.



Sophos found the group abusing NSIS installers and deploying remote access tools (RATs) – Disposable mail news


Security researchers at Sophos have identified a hacking group that targeted industrial companies, using NSIS installers to deploy remote access tools (RATs) and info-stealing malware.

The group, dubbed “RATicate”, targeted companies from Europe, the Middle East, and the Republic of Korea in not one but five campaigns between November 2019 and January 2020. Sophos researchers suspect that the group was behind other past attacks too.

The targeted companies were from the industrial sector, ranging from companies focused on manufacturing to investment firms and internet companies, namely:

  • “an electrical equipment manufacturer in Romania;
  • a Kuwaiti construction services and engineering company;
  • a Korean internet company;
  • a Korean investment firm;
  • a British building supply manufacturer;
  • a Korean medical news publication;
  • Korean telecommunications and electrical cable manufacturer;
  • a Swiss publishing equipment manufacturer;
  • a Japanese courier and transportation company.”

(as reported by Bleeping Computer in their blog)

Two Infection Chains

The hackers used two infection chains. Both relied on phishing emails to deploy the payloads, with a small difference between them:

  • The first chain had ZIP, UDF, and IMG attachments carrying NSIS (Nullsoft Scriptable Install System) installers.
  • The second chain had XLS and RTF docs that downloaded the payload from a remote server to the user’s machine.

“We considered two possible scenarios: either the malicious NSIS package is a generic packer sold on dark forums; or, the same threat actor is using a custom loader to deploy different payloads in a variety of their attacks,” Sophos reports.

The NSIS installers hid the dropped malware by also dropping a flood of junk files such as images, source code files, shell scripts, and Python binaries.

“During the analysis of the samples we collected—conducted both manually and with the aid of sandboxing tools—we found several different families of RATs and info stealers,” Sophos explains.

“These included Lokibot, Betabot, Formbook, and AgentTesla. But all of them followed the same multi-stage unpacking process when executed.”

One Actor, Multiple Campaigns

Sophos found that the RATicate group was the key player behind five sequential campaigns between November 2019 and January 2020 that used similar payloads and commands.

The security researchers “found that some of the different payloads from each campaign (mostly Betabot, Lokibot, AgentTesla, and Formbook) shared the same C&C,” suggesting the same threat group.

“There was also a distinct clustering of the campaign timelines—there was never any overlap between them, suggesting that they were operated serially by the same threat actors.”

“Some of the infrastructures were also shared across multiple campaigns, which also suggests the same actor was involved across all of them,” states Sophos.

Now, RATicate has found a new lure and payload: using COVID-19 to trick people into installing malware on their systems.



The Russian State Duma adopted a law on remote voting – Disposable mail news

The State Duma adopted, in the second and third readings, amendments proposed by United Russia deputies that simplify the organization of elections in the context of a pandemic. Both postal voting and remote electronic voting will now be possible for all levels of elections.

Recall that the beginning of the coronavirus pandemic served as a kind of trigger for the introduction of remote voting. This was stated by the political party United Russia. For this purpose, an electronic voting system based on blockchain technology has been developed.

Vyacheslav Lysakov, First Deputy Chairman of the State Duma Committee on State Construction and Legislation, stated that the bill adopted by the State Duma is a result of technological progress and the digitalization of many areas of life.

“Taking into account modern realities, it is extremely important to modernize and promote processes, including voting. I think this is an absolutely normal step. We are moving towards reducing the paper document flow,” explained the parliamentarian.

However, experts say that it is difficult to control voting in such an election.

“This is a very dangerous initiative in the conditions of general distrust of our electoral system. It is simply impossible to check that everything went correctly. Civil Control over this form of voting is reduced to a minimum,” said Grigory Melkonyants, co-chair of the movement Voice for the protection rights of voters.

The expert added that it is impossible to verify that the voter votes personally or that the secrecy of the vote is respected. In addition, you cannot be sure that all votes will be correctly considered.

Earlier, Disposable mail news reported that electronic voting in Russia is safe.



Remote spring: the rise of RDP bruteforce attacks – 10 minute mail

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape.

Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the increased number of people using remote-access tools.

One of the most popular application-level protocols for accessing Windows workstations or servers is Microsoft’s proprietary protocol — RDP. The lockdown has seen the appearance of a great many computers and servers able to be connected remotely, and right now we are witnessing an increase in cybercriminal activity with a view to exploiting the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers.

Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet:

Growth in the number of attacks by the Bruteforce.Generic.RDP family, February–April 2019

Attacks of this type are attempts to brute-force a username and password for RDP by systematically trying all possible options until the correct one is found. The search can be based on combinations of random characters or a dictionary of popular or compromised passwords. A successful attack gives the cybercriminal remote access to the target computer in the network.

Brute-force attackers are not surgical in their approach, but operate by area. As far as we can tell, following the mass transition to home working, they logically concluded that the number of poorly configured RDP servers would increase, hence the rise in the number of attacks.

Attacks on remote-access infrastructure (as well as collaboration tools) are unlikely to stop any time soon. So if you use RDP in your work, be sure to take all possible protection measures:

  • At the very least, use strong passwords.
  • Make RDP available only through a corporate VPN.
  • Use Network Level Authentication (NLA).
  • If possible, enable two-factor authentication.
  • If you don’t use RDP, disable it and close port 3389.
  • Use a reliable security solution.

If you use a different remote-access protocol, you still cannot relax:  at the end of last year, Kaspersky experts found 37 vulnerabilities in various clients that connected via the VNC protocol, which, like RDP, is used for remote access.

Companies need to closely monitor programs in use and update them on all corporate devices in a timely manner. This is no easy task for many companies at present, because the hasty transition to remote working has forced many to allow employees to work with or connect to company resources from their home computers, which often fall short of corporate cybersecurity standards. Our advice is as follows:

  • Give employees training in the basics of digital security.
  • Use different strong passwords to access different corporate resources.
  • Update all software on employee devices to the latest version.
  • Where possible, use encryption on devices used for work purposes.
  • Make backup copies of critical data.
  • Install security solutions on all employee devices, as well as solutions for tracking equipment in case of loss.



COVID‑19 and the shift to remote work – 10 minute mail

As the pandemic forces many employees to work from home, can your organization stay productive – and safe?

The coronavirus (COVID-19) outbreak has officially been categorized by the World Health Organization (WHO) as a pandemic, meaning infection is accelerating in multiple countries concurrently. The United States of America has declared travel bans on 28 European countries, many countries have closed schools and universities, and large gatherings of people have been stopped.

High-profile companies such as Google and Microsoft are encouraging or mandating that staff adopt a work-from-home policy. For modern tech companies, the infrastructure and policy needed for remote working are unquestionably already in place and the vast majority of staff members are probably already laptop users.

For many smaller companies and organizations, however, the situation is likely to be very different. Remote working is probably limited to a few, and realistically mainly for email and other non-operational systems. The education sector is a good case in point: universities have been delivering distance learning as a feature for some time, while high schools and others are mainly dependent on staff and pupils being on-site to learn. The school’s operations and administrative teams also need to be considered, as they are unlikely to be mobile workers and may be using desktop devices rather than laptops.

Breaking the organization into just a few groups with differing requirements and dealing with the needs of each to effect the mass exodus may seem a simplistic approach, but is probably essential given the urgency in some cases. Using education as an example, there are students (the customers), teaching faculty, administration and operations. The school can’t run without significant student engagement, teachers at least need virtual conferencing facilities and the administration teams need network access, and this is the minimum.

In order to be productive, there are common requirements that all remote workers need. As someone who has worked remotely for the majority of his working life, I can attest to the last two:

  • A computer
  • A good internet connection
  • Chat and conferencing applications
  • A dedicated workspace (preferred)
  • Optionally, a phone
  • Self-motivation and discipline
  • A strict routine

Why is the phone optional? In today’s environment it may not be necessary, especially as most chat applications allow direct calling. The need for a phone may be a business requirement rather than an essential device.

Importantly, companies and organizations also need to prepare themselves and their employees for the increased cybersecurity risks associated with remote working. What are some of the challenges that may need to be addressed?

Physical security of company devices

Employees will be exposing company devices to greater risk as they leave the safety and security of the workplace. As a remote employee, I often take myself to the public library to work; there are shared and individual workspaces and it’s a form of socialization. Devices need to be protected against loss and theft with options such as:

  • Full-disk encryption ensures that even if the device falls into the wrong hands, the company’s data is not accessible.
  • Log out when not in use – both at home and in public places. An inquisitive child accidentally sending an email to the boss or a customer is easily prevented, as is limiting the opportunity for someone to access the machine while your back is turned in the local coffee shop.
  • Strong password policy – enforce passwords on boot, set inactivity timeouts, and ban sticky notes with passwords on them: people still do this!
  • Never leave the device unattended or on public display. If it’s in the car, then it should be in the trunk.

What’s in the home technology environment

Ask employees to audit their own home environment for vulnerabilities, before connecting work devices. There are continual disclosures regarding vulnerable Internet of Things (IoT) devices, and this is an excellent time for employees to take action on securing them with strong passwords and updating their firmware/software to the latest versions.

Consider promoting, or even mandating, the use of a connected home monitoring app before allowing work devices to be connected to home networks. The scan or monitoring will highlight devices with known vulnerabilities, outdated software or firmware, or default passwords that need to be changed.

Accessing the company network and systems

Establish if the employee needs access to the organization’s internal network or just access to cloud-based services and email. And take into consideration whether the same level of access to sensitive data enjoyed on-site should be granted when the employee is off-site.

  • If access to the organization’s internal network is needed:
    • I recommend this is only achieved from an organization-owned device so that full control of the connecting device is under the management of the technology security and IT team.
    • Always use a VPN to connect remote workers to the organization’s internal network. This prevents man-in-the-middle attacks from remote locations: remember that since you’re now working from home, the traffic is now flowing over public networks.
    • Control the use of external devices such as USB storage and peripheral devices.
  • Allowing access to email and cloud services from an employee’s own device:
    • Enforce the same endpoint security policy for antimalware, firewalls, etc. as with an organization-managed device. If necessary, furnish the employee with a license for the same solutions used on the organization-owned devices. If you need extra licenses, then contact the provider. They may have solutions to cover you through this unprecedented event.
    • Limit the ability to store, download or copy data. A data breach can happen from any device that contains sensitive company data.
    • Consider the use of virtual machines to provide access: this keeps the employee in a controlled environment and limits the exposure of the company network to the home environment. This may be more complex to set up, but could be a superior longer-term solution.
  • Multifactor authentication (MFA) ensures that access, whether to cloud-based services or full network access, is by authorized users only. Wherever possible, use an app-based system or physical hardware token to generate one-time codes that grant authenticated access. As there may be time pressure to deploy a solution, an app-based solution removes the need to procure and distribute hardware. App-based systems provide greater security than SMS messages, especially if the device used to receive the codes is not an organization-managed device and could be subject to a SIM swap attack.

Collaborative tools and authorization processes

It may seem strange to put these two items under the same heading, but one can help prevent issues with the other.

  • Provide access to chat, video and conference systems so that employees can communicate with each other. This provides the productivity tools needed and helps employees to remain social with their colleagues.
  • Use the collaborative tools to protect against unauthorized instructions or transactions. Cybercriminals will likely use the opportunity of remotely located workforces to launch Business Email Compromise (BEC) attacks. This is where a bogus urgent demand is sent by a bad actor, asking for the urgent transfer of funds, without the ability to validate the request in person. Be sure to use video conferencing/chat systems as a formal part of the approval system so that validation is made “in person”, even when remote.

Training

As per my other recent blogpost, there are numerous COVID-19 scams in circulation, involving face masks, vaccines, and disinformation. When employees are relocated out of the workplace and placed into the more casual atmosphere of working from home, they may be more inclined to click on links, as there are no colleagues who might see them watching that amusing video or visiting a webpage.

Cybersecurity awareness training is typically an annual requirement for employees. It would be prudent to offer a refresher to help avoid the human element that cybercriminals attempt to exploit. Consider running a campaign and training requirement before the employee begins working remotely … or as soon as possible thereafter.

Support and crisis management

In the rush to provide remote access, don’t sacrifice cybersecurity or the ability to manage systems and devices. The ability to support users remotely will be essential to ensure smooth operations, especially if users become quarantined due to health concerns. Remote workers need to have clear communication protocols for IT support and for crisis management if they encounter unusual or suspect issues that could be the result of a breach.

There are, of course, additional considerations from a technology perspective; for example, removing or limiting the use of RDP, as detailed in a recent blogpost by my colleague Aryeh Goretsky.

Beyond technology and functional processes, there are other key factors to effective remote working:

  • Communication – Consider having team calls once per day, brief people on the status, and give everyone the opportunity to share experiences and issues.
  • Responsiveness – Remote working is not the same as working in an office environment. Establish clear guidelines on how quickly a remote worker is expected to respond to a request, depending on the communication type (email, Slack, calendar invites, etc.).
  • Reporting – Line managers need to implement procedures that allow them to ascertain whether the remote workers are getting the job done: mandatory group meetings, team collaboration, daily/weekly/monthly reports.
  • Working schedule – Agree a method of clocking on and off, even if it’s as simple as a team group chat and members saying good morning when they start their day.
  • Health and safety – Do the ergonomic keyboards in the office need to be taken home to provide the same comfort employees are used to? Working from home does not remove the responsibility to provide a good working environment.
  • Liability – Ensure coverage for the company assets while in the employee’s possession.
  • Tech support – Distribute the contact details: all remote workers need to know how to get help when needed.
  • Socialization – Bring remote workers together, particularly virtually. Social interaction is an important part of motivation and increases productivity. Consider a buddy or mentor scheme so that every employee is paired and can problem solve, vent, share or socialize virtually.
  • Accessibility – Establish a virtual open-door management policy, just as there is in the office. Make sure people are accessible and can be easily engaged.

Don’t assume that all employees can switch to remote working effectively and with little assistance or guidance. Home is not the office and they may need significant assistance to adapt.

Philosophically, the world may never be the same again as this mass remote working mandate could prove to be a social/work experiment that few companies would have ever undertaken on such a scale. Will we ever return to our office in the same way?

Stay safe – and healthy!

ESET has been here for you for over 30 years. We want to assure you that we will be here in order to protect your online activities during these uncertain times, too.
Protect yourself from threats to your security online with an extended trial of our award-winning software.
Try our extended 90-day trial for free.



Tony Anscombe



6 tips for safe and secure remote working

Getting cybersecurity right in the work-from-home world can feel daunting. ESET Chief Security Evangelist Tony Anscombe shares 6 best practices that will steer you in the right direction.

The COVID-19 pandemic has changed the daily habits of millions of people, and working routines are no exception. With millions of people suddenly switching to telecommuting, we’re witnessing a seismic shift in how people work.

In the United States, only one in four full-time employees worked from home for around three hours per week in 2018. The percentage of remote workers has swollen considerably in recent weeks, and many people have to learn some new tools and tricks very quickly. In many cases, companies are bracing for months without their staff in offices, as the closures are not expected to be lifted any time soon.

Beyond other manifold challenges of remote work, this new normal comes with an increase in cybersecurity risks. Even under the usual circumstances, getting cybersecurity right can be challenging for many businesses and workers. In the current work-from-home world, however, managing the myriad cyber-risks can feel downright daunting.

Watch the video to learn how businesses and their employees can maintain at least a minimum level of cybersecurity amid the global health crisis. Among other things, you’ll learn:

  • How to beef up your logins
  • How to avoid data loss should the device fall into the wrong hands
  • How to access the company’s internal network from home
  • How external storage devices come into play
  • Why employees should audit their own IoT devices

If you want to learn more about the increased cybersecurity risks associated with teleworking, as well as about ways to counter them, you may want to read these articles:

COVID-19 and the shift to remote work
Work from home: How to set up a VPN
Work from home: Improve your security with MFA

Stay healthy – and safe!




Tomáš Foltýn



Work from home: Securing RDP and remote access

As work from home is the new norm in the coronavirus era, you’re probably thinking of enabling remote desktop connections for your off-site staff. Here’s how to do it securely.

Accessing your servers’ or workstations’ desktops remotely is a great way to manage them. It’s also a huge target for hackers.

For example, if hackers can gain access to the administrator login to your Domain Controller, they effectively own your Windows infrastructure and can quickly wreak havoc on your organization. From sending corporate emails to accounting departments and bookkeepers, to siphoning off your company’s intellectual property, to encrypting all your company’s files and holding them for ransom, hacks on Remote Desktop Protocol (RDP) can be very bad.

In this context, although we will mainly say “RDP”, we mean all kinds of remote desktop and remote access software, including VNC, PC Anywhere, TeamViewer and so forth, not just Microsoft’s RDP. The good news is there are many defenses against RDP attacks, starting with turning it off. If you don’t really need remote access, the ‘off’ switch is the simplest.

If you do need to allow such access, there are a variety of ways to restrict it to the good guys:

First off, allow access only from internal IP addresses coming from your company’s VPN server. This has the added benefit of not exposing RDP connection ports to the public internet.

Speaking of exposing ports, if that’s your only choice, you may want to serve up RDP on a non-standard port number to keep simplistic worms from attacking your network through its RDP ports. Keep in mind, though, that most network scanners check all ports for RDP activity, so this should be viewed as “security through obscurity”, since it provides practically no additional security against modestly sophisticated attackers. You will have to be extremely vigilant about reviewing network access and login activities in your RDP server logs, as it may be more a matter of when and not if an attacker accesses your network.


Second, make sure to enable Multi-Factor Authentication (MFA) for remote users as another authentication layer, which we discussed in Work from home: Improve your security with MFA.

Third, whenever possible, only allow incoming RDP connections from your users’ public IP addresses. The easiest way for remote employees to look up their public IP address is to search Google for “What is my IP address” and the first result will be their IP address. Then your remote workers can provide that information to your IT/Security staff so that your company or organization can build a whitelist of allowed IP addresses. It is also possible to build a whitelist of allowable IPs by allowing their subnet, since dynamic home IP addresses would normally still fall within a subnet after a router reboot or other network maintenance on the client end.
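The allowlisting and log review described above can be combined into one check. The following is an added example, not part of the original article: it flags RDP logons from sources outside an allowlist of subnets and sources with repeated failed logons. The log export format, the subnets and the threshold are assumptions; 4624 and 4625 are the Windows Security log event IDs for successful and failed logons.

```python
import ipaddress
from collections import Counter

# Assumed allowlist: a VPN address pool and one remote worker's home subnet
# (10.8.0.0/24 is private space; 198.51.100.0/24 is a documentation range).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "198.51.100.0/24")]
FAILED, SUCCESS = "4625", "4624"  # Windows Security log: failed / successful logon
FAIL_THRESHOLD = 5                # assumed tuning value, adjust to your environment

# Constructed sample export (not a native Windows format): time,event_id,source_ip,account
SAMPLE_LOG = """\
2020-06-01T02:14:01,4625,203.0.113.77,administrator
2020-06-01T02:14:03,4625,203.0.113.77,administrator
2020-06-01T02:14:05,4625,203.0.113.77,administrator
2020-06-01T02:14:07,4625,203.0.113.77,administrator
2020-06-01T02:14:09,4625,203.0.113.77,administrator
2020-06-01T02:14:11,4624,203.0.113.77,administrator
2020-06-01T08:59:40,4625,10.8.0.15,alice
2020-06-01T09:00:02,4624,10.8.0.15,alice
2020-06-01T09:30:00,4624,192.0.2.50,carol
"""

def is_allowed(ip):
    """True if the source address falls inside any allowlisted subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def review(log_text, threshold=FAIL_THRESHOLD):
    """Return sorted (finding, source_ip, detail) tuples for the given export."""
    fails, findings = Counter(), set()
    for line in log_text.split():  # one record per line, fields contain no spaces
        _, event_id, ip, account = line.split(",")
        if event_id == FAILED:
            fails[ip] += 1
        elif event_id == SUCCESS:
            if not is_allowed(ip):
                findings.add(("success_outside_allowlist", ip, account))
            if fails[ip] >= threshold:  # a guess may have worked: treat as an incident
                findings.add(("success_after_failures", ip, account))
    for ip, n in fails.items():
        if n >= threshold:
            findings.add(("brute_force_suspected", ip, str(n)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A single mistyped password from an allowlisted VPN address produces no finding, while a successful logon that follows a run of failures from the same source is reported separately so it can be escalated first.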

Even if you secure your RDP access, there has recently been a flurry of exploits against it, so to avoid issues, make sure it’s fully patched. More information on securing RDP can be found in It’s time to disconnect RDP from the internet.




Aryeh Goretsky and Cameron Camp

