The virus-induced transition from offices to remote working has widened the attack surface for threat actors.
Researchers at Israeli cybersecurity firm Check Point have detected security flaws in Apache Guacamole, free and open-source software that enables remote workers to access their company’s computer network from anywhere through a web browser. If the security flaws are exploited, they can compromise remote sessions, login credentials, and eventually the company systems.
Check Point disclosed its findings to Apache on March 31. A patched version was released in June 2020. Organisations need to update their corporate servers to get the patched version.
During their research, Check Point researchers found that a threat actor with access to a computer inside an organisation can execute a reverse RDP (Remote Desktop Protocol) attack — where a remote PC infected with certain malware takes over a client that tries to connect to it.
Using the attack, hackers can take control of the Guacamole gateway that handles all of the remote sessions in a network.
Once they have control over the gateway, they can eavesdrop on all incoming sessions, record all the credentials used by employees, and even control other sessions within the organisation.
“While the global transition to remote work is a necessity in these trying times, we should not neglect the security implications of such remote connections. This research demonstrates how a quick change in the social landscape directly affects what attackers might focus their efforts on. In this case, it’s remote work,” Omri Herscovici, Vulnerability Research Team Leader at Check Point, said in a statement.
Herscovici urged organisations to keep their servers up to date to protect their remote workforces.
A vital cog in remote working infrastructure used by various organisations across the world, Apache’s Guacamole has over 10 million global downloads. It acts as a remote desktop gateway that allows employees to access corporate computers through a web browser in a secure manner.
When employees connect to their company’s server remotely using a web browser that supports HTML5, they have to go through an authentication process to get access to the corporate computer. The Guacamole server then selects one of the standard protocols, such as Microsoft’s RDP (Remote Desktop Protocol), VNC (Virtual Network Computing) or SSH (Secure Shell), to connect to the specific corporate computer. Once connected, it acts as a middleman, keeping the traffic to company systems secure.