The issue here seems to have been, as it normally is, human error. The accounts of our competitor were compromised (most probably at the customer’s level, using some sort of social engineering), leaving the devices wide open and reachable. From there, it was trivial for the attackers to take control of the remote data and to perform malicious activities. Human error can always occur: usually, a lack of concern for, or knowledge of, the security measures that could be taken to prevent malicious access to the network is the main driver of these occurrences.
In our opinion, at a professional/corporate level, Remote Providers must take an important role in anticipating the usual constraints that lead to bad security, and must try to condition the user – or at least educate him – to implement good practices and take preventive measures.
When we at BeAnywhere say “Security is our major concern” we really don’t want you to believe us. Don’t take our word for it. Be better than that and judge not words, but the actual features we’ve designed to create a secure environment within our clients’ networks. Try us and discover what you can do to prevent third-party security breaches. Can you still be hacked with BeAnywhere? Sure: use a simple password for your BASE account, write it on a post-it and stick it to the top of your monitor. But even so, if you put into use only a fraction of what we have to offer (you can and should combine several of these measures), attackers will be stopped in their tracks.
Local Authentication
BASE is fully compatible with Windows authentication methods (local accounts, domain or Microsoft accounts), which means you can require that valid credentials be presented to the remote machine in order to get access to it. This authentication method can even be set up to accept credentials only from users who have administration privileges on that machine. Alternatively, a locally defined BeAnywhere proprietary password can be used to the same end.
Pre-Session Authorization
Each time someone tries to access a remote machine, a notification pops up and lets the local user decide whether this activity is legit or not; the remote user has to wait for permission in order to access the remote machine. Enabling this feature ensures that attackers would need physical access to the computer – or at least would have to convince someone with local access to authorize the session. If the Local Authentication and Pre-Session Authorization methods are combined, making sure that the local computer user doesn’t have administrator credentials or doesn’t know the BeAnywhere Password entirely avoids social engineering attacks – the attacker would have to authenticate before the session could even become available for the local user to authorize.
Two Factor Authentication
The login of your technicians can be protected by an additional layer of authentication using a mobile token (Android, Apple® iOS and Windows® Phone OS supported), making it even more difficult to breach remote computers. The attacker would have to get access not only to a technician’s password but also to his mobile device in order to access the machines he is trying to compromise. Combine this measure with the two described above and his job gets really hard.
Windows Event Logs
By this time, if we exclude Hollywood scenarios (abducting a technician, making him talk, stealing his mobile phone and making him convince a remote user to accept a session), the most probable situation is that the attacker is someone inside your company. Assuming that you have your techs configured correctly, with just enough permissions to do their job, etc., you still have an ultimate lifesaver: BeAnywhere sessions are locally registered as Windows® Events. Combining this feature with the monitoring capabilities of our inSight Lite module, you can be warned when a certain computer is being accessed and decide whether it is a legitimate action or not.
Finally, BeAnywhere sessions are fully encrypted end-to-end, preferably P2P, and every command sent is digitally signed. This means that the data from sessions cannot be tampered with or used in any way.