Poor router security makes SMBs vulnerable to attack

Issue 4 2022 Cyber Security

Prevailing wisdom is to make sure that your computer and any linked cloud services are protected to the hilt with software and support services to detect and prevent malicious ransomware and other cybercriminal attacks. However, another vulnerable frontier is every user’s gateway to the internet: the router.

Carlo Bolzonello.

While major malware and ransomware incidents frequently make headlines in the media, router vulnerabilities are not as frequently publicised, but the outcomes of these violations could be immensely damaging to the businesses they affect.

For example, if a router was used at a business at which access control was managed over the internet, the compromised router would give cybercriminals access to the internal network. Leveraging past insecure firmware updates, criminals could make surveillance cameras ‘loop’ on empty footage, making it possible to gain access without detection, and tamper with or steal items and documents.

A compromised router also makes it possible for cybercriminals to snoop on non-encrypted internet traffic, redirecting DNS requests to attacker-controlled servers, making it possible for external parties to access unprotected internal resources and unprotected devices, particularly those with weak passwords. This in turn leads to credentials theft, and the theft of intellectual property and competitive information.

This type of criminal access also leads to third parties being compromised, such as clients, suppliers, or even other entities in a shared supply chain.

“Attacks via compromised routers are most frequently targeted at companies with small or medium-sized digital infrastructure, such as independent law firms, private clinics and other healthcare facilities, agencies, and even news organisations,” says Carlo Bolzonello, country lead for Trellix in South Africa.

“These organisations may feel a false sense of security because they don’t think they’re as big or important to cybercriminals as big corporates or government, but they still hold a treasure trove of personal data, and are linked to ‘bigger fish’, making them ideal targets for malicious actors wanting to harvest information for illegal use, or for ransom.

“While the ransomware hits that make the news are usually about big companies, cybercriminals know that these organisations typically have a security solution with extended detection and response protocols (XDR) in place. That’s why they’re content to turn their attention to small environments that are easier to access, and more likely to pay a ransom because they don’t want to attract any negative attention from clients.”

Small- and medium sized businesses can access XDR solutions, which integrate multiple security products into cohesive security systems, providing a holistic but simple view of threats across a business’s entire technology stack – including its routers.

“The growing shift to work from home, which means that privately owned routers are linking into businesses’ networks, means that it’s more imperative than ever for enterprises of all sizes to have a unified and proactive approach to cybersecurity,” Bolzonello says. “Every business – no matter its size – needs to protect its entire landscape of technology assets, including all endpoints, mobile, network, and cloud workloads.”

Find out more at https://trellix.com

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Managing data privacy concerns when moving to the cloud
Cyber Security
While the cloud offers many business benefits, it can also raise concerns around compliance, and some organisations have taken the approach of staying out of the cloud for this reason.

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

The democratisation of threats
Cyber Security
Bugcrowd looks at some of the primary vulnerabilities the world faced in 2021, and the risks moving forward with growing attack surfaces and lucrative returns on crime.

Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.

Exploiting Android accessibility services
Cyber Security
Pradeo Security recently neutralised an application using Android accessibility services that exploits the permission to perform fraudulent banking transactions.

Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Keeping devices in check
Cyber Security Asset Management, EAS, RFID IT infrastructure
Kaspersky patents new technology for analysing relationships between electronic devices to counter cyberattacks launched through connected IoT devices.

Considering cloud downtime insurance?
Arcserve Southern Africa Cyber Security IT infrastructure Security Services & Risk Management
Byron Horn-Botha, business unit head, Arcserve Southern Africa, reveals three vital steps that you must consider to ensure business continuity before you buy insurance.

A robust OT cybersecurity strategy
Editor's Choice Cyber Security IT infrastructure Industrial (Industry)
Cyber experts are still struggling to convince senior management to spend money to protect their control system assets, resulting in a lack of even basic measures to protect control systems.

Why Multi-Factor Authentication, universal ZTNA and Zero Trust matter
Access Control & Identity Management Cyber Security
Malicious cyber actors are experimenting with new attack vectors and increasing the frequency of zero-day and other attacks, according to Fortinet’s 1H 2022 FortiGuard Labs Threat Landscape report.