Today’s environment makes it harder than ever to keep attackers out of your network.
Users connect from home networks riddled with potential vulnerabilities, through tools with vulnerabilities, into networks that contain more vulnerabilities.
We continue to plug the leaks as they become exposed, but it’s more important than ever to recognize that your security defenses can only do so much. To truly secure your environment, you’ll need to test for new vulnerabilities and actively monitor for malicious activities.
Vulnerable Home Networks
Many users transitioned to remote work and now connect through their home networks. Unfortunately, most of these users don’t have the capabilities to secure or monitor their home environments.
Comcast noted that their average user connects 12 devices per home, with high-end users having more than thirty connected devices. Unfortunately, 96% also cannot correctly answer six basic true/false cybersecurity questions.
Ignorance isn’t the only problem. Researchers recently discovered the Amnesia:33 vulnerabilities, which impact both smart and industrial devices, in four open-source TCP/IP libraries.
Millions of consumer-and-industrial-grade IoT devices incorporate these flawed libraries into their firmware. Our home-users’ networks now potentially face remote code execution, denial of service, information leak and DNS cache poisoning attacks from smartphones, printers, IP cameras, and even gaming consoles.
While these same flaws also affect the workplace, IT teams can take steps to isolate these devices at the office through network segmentation.
But, will your home-users be able to take any steps at all?
The average user is unlikely to take action, and even less likely to know if any action is necessary. Yet, these vulnerabilities can affect the endpoint used to connect to the network, which makes their home network problem your workplace problem!
Does your IT manager have an obligation to extend your network protection to home devices to keep those vulnerabilities from affecting your corporate networks? Do you need to send separate routers to your remote workers for a segregated work network, or to devote resources to securing their home environment?
Your IT department likely does not have the bandwidth to set up home networks. Strained budgets and stressed employees cannot reasonably extend to every worker’s home, so you’ll need to monitor your systems for signs of malicious activity.
GE Medical Device Vulnerability
Of course, your home users will never be the only source of attack.
In May, researchers reported the MDHexRay flaw – default credentials coded into GE Healthcare’s management software for medical imaging devices.
GE supposedly started notifying the owners of more than 100 affected product families including MRI, ultrasound, X-ray, and mammography devices. However, customers must request changes through GE Healthcare’s support system. Some experts estimate that fixing all of the devices could take years.
To prevent attackers from using these flaws to steal personal health information or even alter the results of the tests, it’s recommended that healthcare providers restrict certain ports and isolate the devices with strict connection rules. Even fixing the devices will require on-site IT team involvement, so this is yet another long-term headache that hospitals don’t need during a pandemic.
Insecure Secure Connections
You install security software, VPN routers, and advanced firewalls for network protection, but flaws appear in these layers of security as well.
In fact, D-Link, Cisco, and VMware all patched vulnerabilities in December.
D-Link issued patches for VPN routers that could allow hackers to execute commands as root. Cisco released an update to their Cisco Security Manager to prevent remote code execution on devices such as Cisco Catalyst 6000 Series Switches, Integrated Services Routers, Firewall Services modules, and more.
Meanwhile, the NSA warned that Russian state-sponsored groups have targeted a security flaw in at least 12 remote-work VMware platforms, including Workspace One Access and Identity Manager. Although recently patched, organizations are warned that the critical escalation-of-privilege flaw should be addressed immediately through patching, hardened configurations and monitoring federated authentication providers.
Testing & Monitoring
Even the best IT teams can fall prey to attack.
The security firm FireEye acknowledged a breach in which hackers stole proprietary Red Team assessment tools used to probe customers’ IT systems for vulnerabilities.
Do you need to fall victim before you recognize the need to test your own systems before the hackers do?
No! You must test and monitor your systems for attack before you’re breached to minimize the damage.
Need 24/7/365 support and guidance?
Our cyber security team at Blue Bastion provides expert Red Team testing and security monitoring to uncover flaws and continuously intercept attacks. Contact us today at 412-349-6680 or fill out the form below to proactively defend your IT systems.