
A Wake-Up Call for Securing Remote Employees’ Hardware

by bikku19792


Update: Multiple U.S. and international government agencies released an advisory Feb. 7 detailing the Volt Typhoon attacks. The threat actors targeted and compromised the IT environments of U.S. communications, energy, transportation and water infrastructure in the continental U.S. as well as non-continental areas and territories, such as Guam.

Original article: State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached end-of-life status.

Department of Justice investigators said on Jan. 31, 2024, that the malware has been deleted from affected routers. The investigators also cut the routers off from other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.

Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations. On Jan. 31, 2024, the FBI revealed that an investigation into the same group of threat actors in December 2023 showed attackers sponsored by the government of China had created a botnet using hundreds of privately-owned routers across the U.S.

The attack was an attempt to create inroads into “communications, energy, transportation, and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, said Wray in the press release.


The attackers used “living off the land” techniques, abusing the built-in tools and legitimate functions of the compromised devices and networks rather than relying on conspicuous custom tooling, so that their activity blended in with the normal operation of the affected devices and was harder to distinguish in logs.

The FBI is contacting anyone whose equipment was affected by this specific attack. It hasn’t been confirmed whether employees of a particular organization were targeted.

How to reduce cybersecurity risks from botnets for remote workers

The fact that the targeted routers are privately owned highlights a security risk for IT pros trying to keep remote workers safe. Because IT staff do not manage the routers employees use at home, it is difficult to know whether an employee is running an old or even end-of-life router.

Botnets are often used to launch distributed denial of service attacks or to distribute malware, so defenses against those are important components of a complete defense against botnet attacks. Botnets are typically controlled through a centralized command-and-control (C2) server, which is why cutting compromised devices off from the rest of the botnet, as the DOJ investigators did here, disrupts the operation.

Organizations should ensure they have good endpoint protection and proactive defenses, such as:

  1. Keep software and hardware up to date; end-of-life devices are particularly vulnerable because they no longer receive security patches.
  2. Run regular security scans to harden devices against being recruited into botnets.
  3. Institute multifactor authentication.
  4. Keep employees informed about cybersecurity best practices.

In the Feb. 7 advisory, the Cybersecurity and Infrastructure Security Agency (CISA) released the following mitigations for IT teams to prevent Volt Typhoon activity:

  1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon.
  2. Implement phishing-resistant MFA.
  3. Ensure logging is turned on for application, access, and security logs and store logs in a central system.
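The hardest part of the first mitigation, and of the "keep hardware up to date" advice above, is knowing which remote employees' routers are end-of-life or behind on firmware in the first place. The script below is an added example, not code from the article, CISA or any vendor: it assumes the IT team keeps a simple inventory of employee home routers (model, firmware, vendor end-of-support date) plus a table of each model's latest firmware, and it triages every device into "replace" (end-of-life, no patch will ever come), "patch", "inventory" (model not recognised) or "ok". All vendor names, model names, versions and dates are constructed placeholders, not real products or advisories.

```python
"""Triage remote workers' SOHO routers by end-of-life status and firmware level.

Added example, not from the original article. The inventory, the vendor
names, the model names, the versions and the end-of-support dates are all
constructed placeholders; wire the functions to your own asset data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Router:
    owner: str
    vendor: str
    model: str
    firmware: str
    end_of_support: date | None   # None: vendor still supports the model
    internet_facing: bool = True  # a SOHO router is almost always the WAN edge


# Constructed reference table: latest vendor firmware per (vendor, model).
LATEST_FIRMWARE = {
    ("Acme", "HomeGate 200"): "3.4.1",
    ("Acme", "HomeGate 100"): "2.9.7",
    ("Borealis", "WR-12"): "1.0.15",
}

# Lower rank = more urgent. "replace" outranks "patch" because an end-of-life
# device cannot be brought up to date at all.
ACTION_RANK = {"replace": 0, "patch": 1, "inventory": 2, "ok": 3}


def parse_version(version: str) -> tuple[int, ...]:
    """'v3.10.0' -> (3, 10, 0); '1.0.15-hotfix2' -> (1, 0, 15).

    Numeric tuples compare correctly where plain string comparison fails
    ('3.10.0' sorts below '3.4.1' as text but is the newer build)."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]  # drop '-hotfix' style suffixes
    return tuple(int(n) for n in re.findall(r"\d+", core))


def assess(router: Router, today: date) -> list[str]:
    """Return the list of reasons this router needs attention (empty if none)."""
    reasons: list[str] = []
    if router.end_of_support is not None and router.end_of_support <= today:
        reasons.append("end-of-life")
    latest = LATEST_FIRMWARE.get((router.vendor, router.model))
    if latest is None:
        reasons.append("unknown-model")
    elif parse_version(router.firmware) < parse_version(latest):
        reasons.append(f"outdated-firmware ({router.firmware} < {latest})")
    return reasons


def action(reasons: list[str]) -> str:
    if "end-of-life" in reasons:
        return "replace"
    if any(r.startswith("outdated-firmware") for r in reasons):
        return "patch"
    if "unknown-model" in reasons:
        return "inventory"
    return "ok"


def triage(inventory: list[Router], today: date) -> list[tuple[str, str, str, list[str]]]:
    """Rank the fleet: most urgent action first, internet-facing devices first
    within the same action (CISA's advice is to prioritise internet-facing
    systems), then by owner for a stable listing."""
    rows = []
    for r in inventory:
        reasons = assess(r, today)
        rows.append((action(reasons), r.owner, f"{r.vendor} {r.model}", reasons, r.internet_facing))
    rows.sort(key=lambda row: (ACTION_RANK[row[0]], 0 if row[4] else 1, row[1]))
    return [(a, owner, device, reasons) for a, owner, device, reasons, _ in rows]


# Constructed sample inventory (not real employees or devices).
TODAY = date(2024, 2, 7)
SAMPLE_INVENTORY = [
    Router("alice", "Acme", "HomeGate 200", "3.4.1", None),
    Router("bob", "Acme", "HomeGate 100", "v2.8.0", date(2022, 6, 30)),   # EOL and old firmware
    Router("carol", "Borealis", "WR-12", "1.0.9", date(2026, 1, 1)),        # supported, needs patch
    Router("dave", "Borealis", "WR-9", "0.5", None),                        # model not in table
    Router("erin", "Acme", "HomeGate 200", "3.10.0", None),                 # newer than table, fine
]

if __name__ == "__main__":
    for act, owner, device, reasons in triage(SAMPLE_INVENTORY, TODAY):
        print(f"{act:9} {owner:6} {device:22} {', '.join(reasons) or '-'}")
```

The point of the version parser is the `erin` row: a naive string comparison would wrongly flag firmware `3.10.0` as older than `3.4.1` and generate a false "patch" ticket, while the `bob` row shows why end-of-life is ranked above merely outdated firmware.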

“Proactively conducting thorough tech inventories of assets beyond the traditional office is essential,” said Demi Ben-Ari, chief technology officer of third-party risk management technology firm Panorays, in an email to TechRepublic. “This approach assists in identifying outdated technology, ensuring that remote workers have up-to-date and secure equipment.

“While remote work introduces potential vulnerabilities due to varied environments, it is important to note that similar attacks could occur in an office setting,” Ben-Ari said.

