The coronavirus spread quickly, but it's possible cybercriminals moved even quicker in distributing all manner of pandemic-themed scams.
Exploit attempts against several consumer-grade routers and IoT devices were among the top intrusion detections in 2020. This stems from criminals trying to take advantage of "The New Normal" of the network perimeter extending to the home.
The barriers that existed between a corporate office network and a home network were eroded in 2020. Networks were turned inside out, with most workers now accessing critical networked resources and applications from their homes. This change happened suddenly, which left little time to plan an effective cybersecurity strategy. As a result, pwning an outdated and insufficiently secured home office now also means pwning the corporate network. When the dust settles, who is going to be blamed for that?
Some organizations are still trying to figure out how to effectively scale their enterprise security protections out to their employees at home. In the meantime, exploits targeting Internet of Things (IoT) devices, such as home entertainment systems, home routers, and connected security devices, were among the top threats observed. Each of these IoT devices introduces a new network "edge" that needs to be defended. Any device that connects to a network is "a network edge", and if an attacker can force that device to connect to another network just long enough to load a malicious payload on it, or otherwise take control of it, the attacker can then let it go back to its original network, where it can serve as the vehicle for the malicious payload to spread. This has put pressure on security teams to figure out how to extend security monitoring and enforcement out to every device.
In the meantime, user-based resources that were once hidden behind a full stack of enterprise-grade security solutions are, in some situations, now protected with little more than an SSL connection. As a result, we are seeing cybercriminals succeed by targeting home networks with older exploits aimed at aging connected devices, and then using those devices as a beachhead from which to launch attacks against the corporate network as well as cloud-based applications and resources. How old is your router? When was the last time you checked for a firmware update?
[Figure: Intrusion detections targeting common network device brands during 2020. Source: FortiGuard Labs.]
Cybercriminals are creative and opportunistic. After decades of having to cut their teeth trying to circumvent enterprise-grade security technology solutions that are monitored by teams of cybersecurity professionals, they caught a huge break in 2020 thanks to COVID-19.
Here are some examples of commonly used home network routers that might be at risk.
As you can see, these models are still widely sold routers. Let us take a look at some of the vulnerabilities associated with them. The links below will take you to a page where each vulnerability is explained in further detail.
Netgear
https://www.exploit-db.com/exploits/41598
This vulnerability allows remote attackers to execute arbitrary commands via a shell. Basically, an attacker can access and take control of the router remotely.
https://www.exploit-db.com/exploits/43055
This exploit targets an unauthenticated OS command execution vulnerability in the setup.cgi file in certain Netgear DGN1000 firmware versions. An attacker can run code against the router without having to authenticate.
D-Link
https://www.exploit-db.com/exploits/37171
D-Link routers are vulnerable to OS command injection in the HNAP SOAP interface. This module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB, DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR.
https://www.exploit-db.com/exploits/28333
Various D-Link routers are vulnerable to OS command injection in the UPnP SOAP interface. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected. UPnP stands for Universal Plug and Play and is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices, to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices (Wikipedia). This is exactly what attackers look for: a protocol that, if they can take control of it, lets them poke around the network for other devices. This is why it is only intended for residential devices.
These are just a few examples, but other common brands are also under attack, including Asus and Linksys.
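The Netgear and D-Link issues above are all OS command injection through a router's web management interface (setup.cgi, the HNAP SOAP endpoint, the UPnP SOAP endpoint). From a monitoring point of view, the common thread is a request to one of those admin endpoints that carries shell metacharacters, or that arrives from outside the LAN at all. The script below is an added example written for this post, not code from the post's author or from any vendor: it parses a small, constructed access log (Common Log Format plus an invented `body="..."` field) and flags exactly those two conditions. The endpoint path patterns and the sample requests are assumptions for illustration, not the exact payloads of the linked exploits.

```python
"""Flag command-injection attempts against home-router admin endpoints in HTTP access logs."""
import ipaddress
import re
from urllib.parse import unquote_plus

# Admin endpoints named in the advisories above (HNAP SOAP, Netgear setup.cgi) plus
# assumed UPnP SOAP control paths; real devices vary, so treat this list as a starting point.
WATCHED_PATHS = re.compile(r"/HNAP1\b|/setup\.cgi\b|/soap\.cgi\b|/upnp/", re.IGNORECASE)

# Shell metacharacters that have no business in a router configuration parameter.
SHELL_META = re.compile(r"[;|`]|\$\(|&&|\n")

# RFC 1918 ranges: anything else reaching an admin endpoint is coming from the Internet.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: Common Log Format with an optional body="..." field appended.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) - \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: body="(?P<body>[^"]*)")?\s*$'
)


def parse_line(line):
    """Return the request fields of one access-log line, or None if it does not match."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def from_lan(src):
    """True if the source address is in an RFC 1918 range (i.e. a device on the home LAN)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)


def classify(line):
    """Return 'alert', 'exposed', 'watch', 'ok' or 'unparsed' for one log line.

    alert    admin endpoint hit with shell metacharacters in the decoded URL or body
    exposed  admin endpoint reached from a non-LAN (Internet) source address
    watch    admin endpoint reached from inside the LAN with a clean request
    ok       request to something other than a watched endpoint
    """
    req = parse_line(line)
    if req is None:
        return "unparsed"
    target = unquote_plus(req["target"])      # decode %3B and friends before inspecting
    body = unquote_plus(req["body"] or "")
    if not WATCHED_PATHS.search(target):
        return "ok"
    if SHELL_META.search(target) or SHELL_META.search(body):
        return "alert"
    return "watch" if from_lan(req["src"]) else "exposed"


def scan(log_text):
    """Classify every non-empty line and return {verdict: [source addresses]}."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        req = parse_line(line)
        findings.setdefault(classify(line), []).append(req["src"] if req else "?")
    return findings


# Constructed sample log: two injection attempts from the Internet, one clean but
# Internet-sourced admin request, and two ordinary requests from a LAN client.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2021:09:14:02 +0000] "POST /HNAP1/ HTTP/1.1" 200 512 body="<SetDeviceSettings><Name>home; uname -a</Name></SetDeviceSettings>"
198.51.100.3 - - [12/Feb/2021:09:14:05 +0000] "GET /setup.cgi?cmd=ls%3Bid HTTP/1.1" 200 64
198.51.100.9 - - [12/Feb/2021:09:14:30 +0000] "GET /setup.cgi?next_file=status.htm HTTP/1.1" 200 2048
192.168.1.20 - - [12/Feb/2021:09:15:10 +0000] "GET /index.htm HTTP/1.1" 200 1024
192.168.1.20 - - [12/Feb/2021:09:15:11 +0000] "POST /HNAP1/ HTTP/1.1" 200 512 body="<GetDeviceSettings/>"
"""

if __name__ == "__main__":
    for verdict, sources in sorted(scan(SAMPLE_LOG).items()):
        print(f"{verdict:8s} {', '.join(sources)}")
```

The "exposed" verdict is worth as much attention as the "alert" one: a clean request to setup.cgi from a non-RFC 1918 address means the management interface is reachable from the Internet, which is the precondition every exploit on this page relies on, regardless of what the request contained.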
I believe the time has come for home users to start paying serious attention to network and data security and not just convenience. The notion that "if it is connected and working, everything is Ok" is not only incredibly naïve but also dangerous.
Talk to your employer and express your concerns; make sure that they have a plan. It is not just their data at risk, but also yours. Attacks are shifting to the home network the way sharks follow the scent of blood in the water. Now, because you are accessing corporate data from home, your network can become the target of attacks, and as a result your data and privacy (sensitive documents, pictures, financial information, digital activity, etc.) can be at risk.
So, whose responsibility does it become to protect your home network?
Here are our recommendations for protecting your home network, and the connections to corporate networks that might be needed to access files, data, etc.
- Get a real firewall. This is basically a router with enterprise-grade security features that are usually licensed, which includes periodic firmware and security updates.
- Get endpoint protection. Network protections are not enough, especially if the network is complicated internally, with multiple access points or switches.
- Use multi-factor authentication for VPN. This is the only way that you can say with a fairly high amount of certainty that you are creating a secure tunnel between your home network and your corporate network.
Technology vendors we recommend:
- Fortinet
- Cisco
- Sophos
Hope this has been helpful.
J.