UB2.C2 – Use external connections

User behaviors related to external connections can introduce significant security risks, particularly when they involve accessing company resources through unsecured networks or using unauthorized devices. Here are some of the major risks triggered by these behaviors:

1. Unsecured Public Wi-Fi Usage

  • Risk of Data Interception (Man-in-the-Middle Attacks): On public Wi-Fi, anyone on the same network, or whoever operates the access point, can capture the user's traffic. Anything not protected end-to-end by TLS, such as plain HTTP, FTP or a captive-portal login form, is readable, including credentials and confidential company data; even TLS-protected sessions still reveal which hosts the user is contacting.
  • Exposure to Malware and Phishing: Attackers set up rogue access points ("evil twins") that mimic the names of legitimate hotspots, then use their control of the network to serve fake captive portals or look-alike login pages and to redirect downloads. Connecting to such a network can lead to compromised devices and accounts.

2. Bypassing VPN or Secure Connection Requirements

  • Loss of Transport Protection: If users reach company resources without the corporate VPN, only traffic that the application itself encrypts (for example, HTTPS) is protected. Legacy or internal services that still speak plain HTTP, FTP or other unencrypted protocols cross the untrusted network in the clear, and even encrypted sessions reveal which internal hosts the user is contacting.
  • Increased Attack Surface: Routing remote traffic through the VPN places it behind the perimeter firewall, intrusion detection, DNS filtering and logging that the corporate network already has. Bypassing the VPN removes those controls, leaving the user exposed directly to the untrusted network (packet sniffing, rogue DNS, credential theft) and leaving the security team without visibility into the session.

3. Using Unauthorized Devices or Connections

  • Risk of Data Leakage: Personal devices or unauthorized networks might not have the same level of security controls as company-approved systems. This can lead to accidental data leaks if sensitive information is accessed or shared from these devices.
  • Device Compromise and Malware Infection: Unapproved devices may lack updated antivirus or security patches, making them more vulnerable to malware. If compromised, these devices could serve as entry points for attackers into the company network.

4. Unsecured Remote Access Tools

  • Credential Theft Through Unprotected Remote Access: Remote access tools exposed directly to the internet and protected only by a password, without MFA or a gateway in front of them, let an attacker who obtains or guesses that password take control of corporate systems.
  • Exposure to RDP Brute Force Attacks: Remote Desktop Protocol (RDP) and similar services are among the most common initial-access vectors. An internet-exposed RDP listener attracts continuous brute-force and password-spraying traffic; without account lockout, MFA and Network Level Authentication, and without monitoring of failed logons (Windows Security event ID 4625 with logon type 10), a weak or reused password is eventually found.
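As an added example (not from the original page) of the monitoring that catching these attacks requires, the following Python script runs a brute-force and password-spray rule over constructed Windows Security log lines. The one-line event format, the sample IP addresses and the account names are assumptions made for the example; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values.

```python
"""Flag RDP brute-force and password-spray attempts in Windows Security log data.

Added example, not part of the original page. Input is a constructed one-line
rendering of Windows Security events (real events are EVTX/XML and would be
pulled from a SIEM or Get-WinEvent); the field names follow the real schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Three sources:
#   203.0.113.7    hammers one account, then logs in successfully
#   198.51.100.23  tries one password against many accounts (spray)
#   192.0.2.10     two failures an hour apart (benign typo)
# plus non-RDP (LogonType=2) failures that an RDP rule must ignore.
SAMPLE_EVENTS = [
    "2024-05-01T08:00:01Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:00:13Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:00:25Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:00:37Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:00:49Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:01:02Z 4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T08:01:15Z 4624 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7",
    "2024-05-01T09:10:00Z 4625 LogonType=10 TargetUserName=alice IpAddress=198.51.100.23",
    "2024-05-01T09:10:40Z 4625 LogonType=10 TargetUserName=bob IpAddress=198.51.100.23",
    "2024-05-01T09:11:20Z 4625 LogonType=10 TargetUserName=carol IpAddress=198.51.100.23",
    "2024-05-01T09:12:00Z 4625 LogonType=10 TargetUserName=dave IpAddress=198.51.100.23",
    "2024-05-01T09:12:40Z 4625 LogonType=10 TargetUserName=erin IpAddress=198.51.100.23",
    "2024-05-01T10:00:00Z 4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10",
    "2024-05-01T11:00:00Z 4625 LogonType=10 TargetUserName=alice IpAddress=192.0.2.10",
    "2024-05-01T12:00:00Z 4625 LogonType=2 TargetUserName=svc-backup IpAddress=203.0.113.9",
    "2024-05-01T12:00:10Z 4625 LogonType=2 TargetUserName=svc-backup IpAddress=203.0.113.9",
    "2024-05-01T12:00:20Z 4625 LogonType=2 TargetUserName=svc-backup IpAddress=203.0.113.9",
    "2024-05-01T12:00:30Z 4625 LogonType=2 TargetUserName=svc-backup IpAddress=203.0.113.9",
    "2024-05-01T12:00:40Z 4625 LogonType=2 TargetUserName=svc-backup IpAddress=203.0.113.9",
]


def parse_event(line):
    """Turn one constructed log line into a dict of typed fields."""
    ts, event_id, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(event_id),
        "logon_type": int(kv["LogonType"]),
        "user": kv["TargetUserName"],
        "src": kv["IpAddress"],
    }


def detect_rdp_attacks(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for every source with at least `threshold`
    failed RDP logons inside some `window`-long sliding window. A finding records
    the peak failure count, the accounts targeted, whether the pattern looks like
    a spray (many accounts) or brute force (one account), and whether a successful
    RDP logon from the same source followed the failures."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["logon_type"] != 10:  # only RemoteInteractive (RDP) logons
            continue
        if ev["event_id"] == 4625:
            failures[ev["src"]].append((ev["ts"], ev["user"]))
        elif ev["event_id"] == 4624:
            successes[ev["src"]].append(ev["ts"])

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        best_count, best_start, best_end = 0, 0, 0
        start = 0
        for end in range(len(attempts)):  # sliding window over sorted timestamps
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 > best_count:
                best_count, best_start, best_end = end - start + 1, start, end
        if best_count < threshold:
            continue
        accounts = sorted({user for _, user in attempts[best_start:best_end + 1]})
        last_failure = attempts[best_end][0]
        alerts[src] = {
            "failures": best_count,
            "accounts": accounts,
            "pattern": "password spray" if len(accounts) > 1 else "brute force",
            # a success after the burst is the "attacker got in" signal
            "followed_by_success": any(t > last_failure for t in successes.get(src, [])),
        }
    return alerts


if __name__ == "__main__":
    for src, finding in detect_rdp_attacks(SAMPLE_EVENTS).items():
        print(src, finding)
```

The threshold and window are deliberately conservative; a production rule would also key on the workstation name and treat a spray across many accounts from one source, or one account from many sources, as separate detections. The `followed_by_success` flag is what should page someone, since it distinguishes a noisy scan from a likely compromise.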

5. Connecting to Untrusted Networks

  • Increased Exposure to Network-Based Attacks: When users connect to untrusted networks (e.g., guest Wi-Fi at hotels or cafes), they expose their devices to attacks from other devices on the same network, including port scanning and direct attacks.
  • Risk of Network-Based Eavesdropping: Untrusted networks might lack proper isolation and segmentation, allowing attackers to monitor network traffic and potentially capture sensitive information.

6. Unencrypted File Transfers

  • Sensitive Data Exposure: Transferring files over unencrypted connections, such as FTP, plain HTTP, or email sent without TLS, lets anyone on the network path read the contents, and for FTP the username and password as well. SFTP, FTPS, HTTPS or an approved file-sharing service should be used instead.
  • Lack of Data Integrity: Unencrypted transfers also carry no cryptographic integrity check, so an attacker on the path can alter a file in transit (for example, inserting malicious content into an installer or changing figures in a spreadsheet) without the recipient noticing. TLS-based transfers protect the integrity of the session; publishing a signature or SHA-256 digest out of band lets the recipient verify the file itself.
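Sections 1, 2, 5 and 6 all turn on the same point: what an observer on the path can read depends on whether the protocol encrypts. The following added example (not part of the original page) runs a minimal passive-observer parser over constructed captures of an FTP login, a plain-HTTP request with Basic authentication, and a TLS record. All hostnames, credentials and bytes are made up for illustration, and the parser handles only these three cases.

```python
"""Show what a passive observer on an untrusted network recovers from captured
traffic, depending on whether the protocol encrypts.

Added example, not part of the original page. The captures below are constructed
byte strings standing in for TCP payloads (a real observer would pull them from
a pcap); no real credentials, hosts or sessions are involved.
"""
import base64
import re

# Constructed "captured" payloads, one per connection.
CAPTURES = {
    # FTP control channel: credentials and file names travel in the clear
    "ftp": (b"220 files.example.com FTP server ready\r\n"
            b"USER alice\r\n"
            b"331 Password required for alice\r\n"
            b"PASS Summer2024!\r\n"
            b"230 Login successful\r\n"
            b"RETR q3-forecast.xlsx\r\n"
            b"150 Opening BINARY mode data connection\r\n"),
    # plain HTTP with Basic auth: credentials are base64-encoded, not encrypted
    "http": (b"GET /intranet/payroll HTTP/1.1\r\n"
             b"Host: intranet.example.com\r\n"
             b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n"
             b"Cookie: session=7f3a9c\r\n"
             b"\r\n"),
    # HTTPS: a TLS application-data record (content type 0x17, version 3.3) with
    # placeholder ciphertext bytes; the observer gets no readable content
    "https": b"\x17\x03\x03\x00\x20" + bytes(range(0x20)),
}


def _first(pattern, text, flags=0):
    """Return the first capture group of `pattern` in `text`, or None."""
    m = re.search(pattern, text, re.MULTILINE | flags)
    return m.group(1) if m else None


def inspect_payload(payload: bytes) -> dict:
    """Return everything a passive observer can read from one captured payload.

    TLS records start with a content-type byte (0x14..0x17) and a 0x03xx version;
    past the handshake everything after the header is ciphertext, so the observer
    learns nothing about the content. (The ClientHello still exposes the server
    name via SNI; that metadata leak is not parsed here.)
    """
    if len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03:
        return {}

    text = payload.decode("ascii", errors="replace")
    findings = {}
    # FTP: USER/PASS commands and transferred file names
    if user := _first(r"^USER (\S+)\r?$", text):
        findings["username"] = user
    if password := _first(r"^PASS (\S+)\r?$", text):
        findings["password"] = password
    files = re.findall(r"^(?:RETR|STOR) (\S+)\r?$", text, re.MULTILINE)
    if files:
        findings["files"] = files
    # HTTP: request path, Host, Basic auth (base64 is reversible), session cookie
    if path := _first(r"^(?:GET|POST|PUT|DELETE) (\S+) HTTP/", text):
        findings["path"] = path
    if host := _first(r"^Host: (\S+)\r?$", text, re.IGNORECASE):
        findings["host"] = host
    if token := _first(r"^Authorization: Basic (\S+)\r?$", text, re.IGNORECASE):
        user, _, password = base64.b64decode(token).decode("utf-8", "replace").partition(":")
        findings["username"], findings["password"] = user, password
    if cookie := _first(r"^Cookie: (.+?)\r?$", text, re.IGNORECASE):
        findings["cookie"] = cookie
    return findings


if __name__ == "__main__":
    for name, payload in CAPTURES.items():
        print(f"{name}: {inspect_payload(payload) or 'nothing readable'}")
```

The same FTP or HTTP exchange carried over SFTP, FTPS or HTTPS would look to this parser like the third capture: a header and ciphertext. That is what the VPN and encrypted-transfer requirements in this section buy. Note that Basic authentication is encoding, not encryption; it is only safe inside TLS.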

7. Shadow IT and Unauthorized Cloud Services

  • Data Governance Issues: When users employ unauthorized cloud services for convenience, the company loses control over data governance, increasing the risk of unauthorized access, data breaches, or non-compliance with regulatory requirements.
  • Data Leakage and Compliance Violations: Unauthorized cloud storage services may not meet the company’s security and compliance standards, putting sensitive information at risk of exposure.

8. Poor Configuration of External Connections

  • Improperly Configured Firewalls and Ports: If users configure external connections or access points without adequate security measures (e.g., open ports, weak firewall settings), it can create vulnerabilities that attackers can exploit.
  • Misconfigured VPNs or Security Gateways: Incorrectly setting up VPNs or security gateways can lead to ineffective security controls, resulting in unauthorized access to internal systems.

To mitigate these risks, companies should enforce security policies that limit external connections to managed devices and trusted networks, require VPN usage with MFA for any access to internal resources, never expose RDP or similar remote access services directly to the internet, monitor for unusual connection behavior such as repeated failed remote logons, logons from new locations or devices, and traffic to unsanctioned cloud services, and regularly educate employees on safe practices for remote access and network usage.