This Notice is for IIROC Dealer Members who use remote access services (e.g. Virtual Private Network – VPN, remote desktop, etc.) to support work from home arrangements.
We continue to see evolving cybersecurity threats, this time related to the use of remote access services with attackers increasingly targeting and exploiting its vulnerabilities.
Remote access service vendors have advised that potential vulnerabilities are being leveraged to gain access to internal networks of various organizations. Attackers have been observed actively scanning for vulnerable configurations. Once access is gained, attackers can remain undetected and will look to obtain additional privileges to launch future attacks such as ransomware or data exfiltration.
What to do?
Firms must continue to apply general security precautions and actions to all computing resources with vigilance to external facing components such as remote access services.
We strongly recommend that your Information Technology department or services provider does the following:
- Patch all systems – ensure security patches and secure configurations are applied in a timely manner according to vendor recommendations.
- Monitor network environments – continue to monitor your environment for any anomalous behaviour (e.g. brute force attacks, irregular login/network activity, etc.). Take immediate action including password resets for any suspected breaches.
- Implement multi-factor authentication (MFA) – ensure MFA is implemented and enforced for all users when logging in from an external network.
- Install anti-virus/anti-malware solutions and updates – ensure anti-virus/malware tools are in place and up to date with the latest indicators of compromise on servers, end points, and network.
Further information and resources on managing cybersecurity threats, including guides and webinars, are available on IIROC’s cybersecurity site.