Citrix Blogs

Security challenges in the time of quarantine

Recently, I wrote a blog post about my experience working from home (I can’t believe I’ve done it for 12 years now). What we’re dealing with now, though, is different from typical working from home.

You aren’t just working from home. You’re bringing your office home (BYOH, anyone?). Your closest family members are your newest colleagues. And even if you’re experienced at working from home, you might be adjusting to having your spouse and your kids sharing your work environment.

The situation also has implications for security and privacy. For hackers, crises often present the best opportunities to spread malware and launch phishing campaigns (see 7 ways hackers and scammers are exploiting coronavirus panic). You’re only as secure as your weakest link, and now you have new links in your chain — your closest family. For companies, that means their security perimeter has suddenly expanded.

Imagine a family of five with three laptops. Normally, usage would be spread throughout the day. Your kids are at school and your spouse might be at work, and you’re the only one at home, online. Now it’s different. Kids are attending virtual school in the next room. You have work to do between 9 a.m. and 5 p.m., and so does your spouse. You’re sharing resources, using them at the same time of the day, and your attention is divided among many problems. And while most companies have policies against personal use of corporate devices (including sharing them with your kids), these are hard to enforce during a pandemic. Combine this with hackers who have more time on their hands (and are, frankly, bored), and the attack opportunities expand.

COVID-19 has been much more successful at pushing technology adoption than any C-level executive could ever be. Projects that normally could take years had to be implemented in weeks or even days. While many companies will need to rethink their IT strategy after all of this is over, a lot are simply looking for quick and productive solutions. That can lead to implementation of insecure solutions or companies allowing or overlooking shadow IT.

When it comes to IT security, I don’t believe in predicting the next crisis or in unsinkable, foolproof security solutions. I believe that you must build secure IT systems and that you can quickly adapt to new situations. I’ve talked often about multi-layered security architectures with Citrix solutions (watch this Cyber Kill Chain webinar, for example). Security isn’t just about protection, it’s also about the ability to control, adapt, and monitor (learn more in our post on zero trust security and Citrix Workspace). In this post, I’ll look at a new Citrix feature — app protection policies — that is especially helpful in BYOH scenarios.

App protection enables companies to protect apps and data on unmanaged endpoints and ensure their corporate systems and information remain safe.

It has two primary capabilities — anti-screen-capture protection and anti-keylogger protection — both of which work by filtering access to underlying operating system functionality. That means they don’t block specific tools, they block specific API calls (yes, of course I had to write my own tools to test this in reality 😊). Let’s take a look at two real-life examples.

Privacy on the Internet? LOL

You’re struggling to meet deadlines and working on a sensitive document. It is time for a short coffee break to clear your head. While you’re outside, your daughter decides to use your laptop to video conference with her friends and show them her school project. She shares the screen, not realizing your work is visible.

This wouldn’t happen in an ideal world, but it happens daily in the real world — accidentally sharing your screen, the wrong monitor, or a notification with sensitive information.

Anti-screen-capture capabilities enable you to prevent people from taking screenshots. But other types of apps use the same OS capabilities — screen sharing for conference calls, for example. With app protection policies, you can protect selected apps and data from accidental screen sharing.

Protected application shared in Zoom meeting

Another category of tools — remote access trojan (RAT) utilities — are often used by hackers as a backdoor into your system. App protection policies make these tools much more difficult for an attacker to use and, in many cases, eliminate their efficacy.

The anti-screen-capture capabilities of Citrix’s app protection policies aren’t just useful for preventing your employees from taking screenshots. In the world of unmanaged and often unsecure meetings, webinars, and conferences, protecting your sensitive information is more critical than ever before.

Always Do Your Best. What You Plant Now, You Will Harvest Later.

It’s time for another coffee break. Now, it’s your son who jumps on your computer to check out a few websites. What he (and you) don’t know is that one of those websites has infected your computer with credential-harvesting malware. A few hours later, the attacker starts getting data from your machine — work credentials, bank account data, social media logins, and much more.

I’ve seen many customers spend a lot of effort (and money) protecting against niche attacks, while ignoring the most obvious attack vectors. The Data Breach Investigations Report provides an amazing view of the security landscape and is my favorite read each year. Take a look and you’ll see that, unsurprisingly, stealing credentials is among the most common and successful methods used by attackers.

When we talk about keylogger technology, a lot of people imagine a hacker eating popcorn, staring at the screen, and reading what you type as you type it. But unless you’re a target of whale phishing (in which case you might get more individualized attention), most attackers prefer large-scale, automated attacks. Nobody has time to spend hours watching your screen or reading your online rants. Those keyloggers are typically used by script kiddies or jealous partners, but most hackers use wider and more scalable approaches.

Credential harvesting is a more productive use of keylogger technology than collecting everything you type. Attackers plant malware on your machine that will monitor and record sensitive information like primary credentials. Anti-keylogging protection with app protection policies prevents credential harvesting and other data capture from protected apps, including Citrix Workspace authentication dialogs. In my opinion, this is the most important and interesting capability of app protection policies.

Typing inside an unprotected (left) and a protected (right) application. In the keylogger (at the bottom of the screen) you can see that text typed in the left document is clearly visible, but the text in the protected document has been encrypted and is not visible to the attacker.

Stay Safe, Stay Secure.

Working from home (or bringing your office home) is our reality now. Google’s community mobility report shows that commuting to work in the U.S. is down 38 percent, and other countries are experiencing similar trends.

For many companies, this shift to remote work has disrupted business. Others are adapting and reevaluating their IT strategy now that they see remote work as a plausible approach that enables employees to remain productive. Yes, remote work introduces new security challenges, but choosing the right technology — the kind of technology Citrix offers — can keep your data secure and ensure that when employees BYOH, it’s a safe place where they can be productive.

Learn more about app protection policies in this Citrix Tech Zone overview and this guide for installation and configuration.
