
Your Router is Under Attack

The coronavirus spread quickly, but cybercriminals may have moved even faster in distributing all manner of pandemic-themed scams.

Exploit attempts against several consumer-grade routers and IoT devices were among the top intrusion detections in 2020. This stems from criminals trying to take advantage of “The New Normal”: the network perimeter now extends into the home.

The barriers that existed between a corporate office network and a home network were eroded in 2020. Networks were turned inside out, with most workers now accessing critical networked resources and applications from their homes. This change happened suddenly, leaving little time to plan an effective cybersecurity strategy. As a result, pwning an outdated and insufficiently secured home office now also means pwning the corporate network. When the dust settles, who is going to be blamed for that?

Some organizations are still trying to figure out how to effectively scale their enterprise security protections out to their employees at home. Meanwhile, exploits targeting Internet of Things (IoT) devices, such as home entertainment systems, home routers, and connected security devices, were among the top threats observed. Each of these IoT devices introduces a new network “edge” that needs to be defended. Any device that connects to a network is a network edge, and if an attacker can force that device to connect to another network just long enough to load a malicious payload onto it, or otherwise take control of it, the attacker can then let it return to its original network, where it serves as the vehicle for the payload to spread. This has put pressure on security teams to extend security monitoring and enforcement out to every device.

At the same time, user-based resources that were once hidden behind a full stack of enterprise-grade security solutions are, in some situations, now protected by little more than an SSL connection. As a result, cybercriminals are succeeding against home networks by using older exploits aimed at aging connected devices, then using those devices as a beachhead from which to launch attacks against the corporate network as well as cloud-based applications and resources. How old is your router? When was the last time you checked for a firmware update?

Intrusion detections targeting common network device brands during 2020. Source FortiGuard Labs.

Cybercriminals are creative and opportunistic. After decades of cutting their teeth trying to circumvent enterprise-grade security solutions monitored by teams of cybersecurity professionals, they caught a huge break in 2020 thanks to COVID-19.

Here are some examples of commonly used home network routers that might be at risk.



As you can see, these models are still widely sold. Let us take a look at some of the vulnerabilities associated with them. The links below lead to pages where each vulnerability is explained in further detail.

Netgear

https://www.exploit-db.com/exploits/41598

This vulnerability allows remote attackers to execute arbitrary commands via a shell. Basically, an attacker can access and take control of the router remotely.

https://www.exploit-db.com/exploits/43055

This exploit targets an unauthenticated OS command execution vulnerability in the setup.cgi file of certain Netgear DGN1000 firmware versions. Code can be run against the router without having to authenticate.

D-Link

https://www.exploit-db.com/exploits/37171

D-Link routers are vulnerable to OS command injection in the HNAP SOAP interface. This module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB, DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR.

https://www.exploit-db.com/exploits/28333

Various D-Link routers are vulnerable to OS command injection in the UPnP SOAP interface. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865; according to the vulnerability discoverer, more D-Link devices may be affected. UPnP (Universal Plug and Play) is a set of networking protocols that lets networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices, seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices (Wikipedia). This is exactly what attackers look for: a protocol that, once they control it, lets them poke around the network for other devices. This is also why it is intended only for residential networks.

These are just a few examples; other common brands, including Asus and Linksys, are also under attack.
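One defender-side check a practitioner would want after reading the list above is a quick pass over the router's (or a home reverse proxy's) access log for requests to the endpoints named here. The scanner below is an added example, not code from the original post or from any vendor; it assumes an Apache/nginx combined-style log line, treats "/upnp" as an assumed generic marker for UPnP control paths (real paths vary by vendor), and uses constructed sample lines.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoints the exploits above reach without authentication (Netgear setup.cgi,
# D-Link HNAP SOAP). "/upnp" is an assumed generic marker; real paths vary by vendor.
WATCHED_PATHS = ("/setup.cgi", "/hnap1", "/upnp")
SHELL_META = re.compile(r"[;&|`$]")  # characters used to chain OS commands
# RFC 1918 ranges plus loopback are the home side; anything else is treated as WAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')  # combined-style line

def is_lan(ip):
    """True when the client address sits on the private side of the router."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)

def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, method, raw_path, status = m.groups()
    path = unquote(raw_path)  # decode %3B etc. before inspecting
    if not any(path.lower().startswith(p) for p in WATCHED_PATHS):
        return None
    reasons = []
    if not is_lan(src):
        reasons.append("admin/SOAP endpoint reached from public address")
    if SHELL_META.search(path):
        reasons.append("shell metacharacter in request")
    return {"src": src, "method": method, "path": path,
            "status": status, "reasons": reasons} if reasons else None

def scan(lines):
    """Run classify() over log lines and keep only the findings."""
    return [f for f in (classify(l) for l in lines) if f]

# Constructed sample lines (not real traffic); 203.0.113.x and 198.51.100.x are documentation ranges standing in for public IPs.
SAMPLE_LOG = [
    '192.168.1.20 - - [12/Mar/2021:10:00:01 +0000] "GET /setup.cgi?page=status HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2021:10:00:05 +0000] "GET /setup.cgi?page=status HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2021:10:00:09 +0000] "POST /HNAP1/ HTTP/1.1" 200 128',
    '192.168.1.30 - - [12/Mar/2021:10:00:12 +0000] "GET /setup.cgi?page=status%3Btest HTTP/1.1" 200 512',
]
```

Running `scan(SAMPLE_LOG)` flags the two public-sourced requests and the LAN request carrying a decoded `;`, while the first, benign LAN request produces no finding.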

I believe the time has come for home users to start paying serious attention to network and data security and not just convenience. The notion that "if it is connected and working, everything is OK" is not only incredibly naïve but also dangerous.

Talk to your employer and express your concerns; make sure that they have a plan. It is not just their data at risk, but also yours. Attacks are shifting to the home network the way sharks follow the scent of blood in the water. Now that you are accessing corporate data from home, your network can become the target of attacks, and as a result your data and privacy (sensitive documents, pictures, financial information, digital activity, etc.) can be at risk.

So, whose responsibility is it to protect your home network?

Our recommendations for protecting your home network and the connections to corporate networks that you may need for accessing files, data, etc.:

  1. Get a Real Firewall. This is basically a router with enterprise-grade security features, usually under a license that includes periodic firmware and security updates.
  2. Get Endpoint Protection. Network protections alone are not enough, especially if the network is internally complicated, with multiple access points or switches.
  3. Use Multi-Factor Authentication for VPN. This is the only way you can say with a fairly high degree of certainty that you are creating a secure tunnel between your home network and your corporate network.

Technology vendors we recommend:

  1. Fortinet
  2. Cisco
  3. Sophos

Hope this has been helpful.

J.
