We are past Memorial Day and staring at the end of the school year and the start of summer. With nearly every school budget having passed in New York State, you know what your funding is for 2025/2026, and you are finalizing your summer projects.
While you are implementing all your upgrades and initiatives, I beg you not to forget to combat the Zombies in your network - and please refrain from creating any new ones.
Zombies are, quite simply, all those network devices, workstations, servers, and IoT devices that are officially "retired" but were never physically removed from your network and remain online.
It often starts with someone pressing the power button when the device is retired, but leaving it in the rack in your closet, still cabled. Many of those devices power themselves back on after a power failure: servers commonly have a firmware setting to restore power after an outage, and a PoE-powered device comes up the moment the switch port supplies power again. Sooner or later, the power will go out and come back on.
Suddenly, these retired devices rise from their graves.
It is the ultimate attack surface for malicious actors: unpatched, unsupported, and most likely removed from your security stack and monitoring platforms, so nothing is watching it.
Remember the most recent ransomware event: the attackers were seen entering the network and then went dark, hiding in exactly these gaps while they worked their way across the environment, living off the land and triggering no further alarms until every endpoint was compromised.
Ensure that your internal team and any outside vendors physically remove retired equipment from your network. I realize that is sometimes not possible for various reasons. However, you can always remove the power source completely (whether it is PoE, a power plug, or another type), and for a PoE device that means disabling PoE on the switch port or unpatching it, not just pressing a button on the device.
You must, at a minimum, pull and remove the power source, regardless of the circumstances.
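The practical check behind this advice is to compare what the inventory says is retired against what is actually answering on the wire. The script below is an added example, not code from the original post. It assumes a CSV inventory export with asset_tag/hostname/mac/status/retired_on columns, Linux `arp -a` output, and a dnsmasq-style DHCP lease file; all of the sample data in it is constructed. Run it after a power outage, and the list it prints is your Zombies.

```python
"""Find "Zombie" devices: assets marked retired in the inventory that are
still answering on the network.

Added example, not code from the original post. The inventory column names,
the `arp -a` line format and the dnsmasq-style lease format are assumptions;
all sample data below is constructed.
"""
import csv
import io
import re
from typing import Dict, List, Optional, Tuple

# Constructed inventory export. MACs arrive in whatever format the last
# person typed them in (colon, dash, Cisco dotted), so they are normalized.
INVENTORY_CSV = """\
asset_tag,hostname,mac,status,retired_on
A-1001,hs-cam-12,00:1A:2B:3C:4D:5E,retired,2024-06-30
A-1002,lib-printer,00-1A-2B-3C-4D-5F,active,
A-1003,old-dc02,001a.2b3c.4d60,retired,2023-12-15
A-1004,ms-switch-3,00:1A:2B:3C:4D:61,retired,2025-01-10
"""

# Constructed `arp -a` output (Linux format) from a host on the server VLAN.
ARP_OUTPUT = """\
? (10.10.4.12) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (10.10.4.20) at 00:1a:2b:3c:4d:5f [ether] on eth0
? (10.10.9.2) at 00:1a:2b:3c:4d:62 [ether] on eth0
"""

# Constructed dnsmasq-style lease file: <expiry epoch> <mac> <ip> <hostname> <client-id>
DHCP_LEASES = """\
1750000000 00:1a:2b:3c:4d:60 10.10.2.50 old-dc02 *
1750000000 00:1a:2b:3c:4d:63 10.10.2.51 chromebook-77 *
"""

# Constructed "current time" that makes the sample leases unexpired.
NOW = 1749999999

ARP_RE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9A-Fa-f:]{17})")


def normalize_mac(raw: str) -> Optional[str]:
    """Accept 00:1A:2B..., 00-1a-2b..., 001a.2b3c.4d60; return aa:bb:cc:dd:ee:ff or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw)
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def load_retired(inventory_csv: str) -> Dict[str, dict]:
    """Map normalized MAC -> inventory row, for rows whose status is 'retired'."""
    retired: Dict[str, dict] = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["status"].strip().lower() != "retired":
            continue
        mac = normalize_mac(row["mac"])
        if mac:  # a row with an unparseable MAC cannot be matched, so it is skipped
            retired[mac] = row
    return retired


def observed_online(arp_text: str, leases_text: str, now: int) -> Dict[str, Tuple[str, str]]:
    """Map normalized MAC -> (source, ip) for every device seen in ARP or
    holding an unexpired DHCP lease. Expired leases are ignored: a lease that
    ran out is not evidence that the device is still up."""
    seen: Dict[str, Tuple[str, str]] = {}
    for line in arp_text.splitlines():
        m = ARP_RE.search(line)
        if m:
            mac = normalize_mac(m["mac"])
            if mac:
                seen[mac] = ("arp", m["ip"])
    for line in leases_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        expiry, mac, ip = int(parts[0]), normalize_mac(parts[1]), parts[2]
        if mac and expiry > now:
            seen.setdefault(mac, ("dhcp", ip))  # ARP is the stronger evidence, keep it
    return seen


def find_zombies(retired: Dict[str, dict], online: Dict[str, Tuple[str, str]]) -> List[dict]:
    """Retired-but-online devices, sorted by MAC for stable reporting."""
    zombies = []
    for mac in sorted(retired.keys() & online.keys()):
        source, ip = online[mac]
        zombies.append({**retired[mac], "mac": mac, "seen_via": source, "ip": ip})
    return zombies


if __name__ == "__main__":
    hits = find_zombies(load_retired(INVENTORY_CSV),
                        observed_online(ARP_OUTPUT, DHCP_LEASES, now=NOW))
    for z in hits:
        print(f"ZOMBIE {z['asset_tag']} {z['hostname']} {z['mac']} {z['ip']} "
              f"(via {z['seen_via']}, retired {z['retired_on']})")
    print(f"{len(hits)} retired device(s) still online")
```

The comparison deliberately uses the network's own view (ARP cache, DHCP leases) rather than your EDR or NAC console: the whole problem with a Zombie is that it was pulled out of those tools when it was retired, so it will never show up there. On the constructed data the camera and the old domain controller are flagged, while the retired switch that was actually unplugged is not.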
Besides the obvious internal attack surface, there is also an external, patriotic reason to kill your Zombies.
There have been multiple reports that somewhat contradict what I keep saying - that nation-states like Russia and China don't have much interest in hacking your district, and that the threat is generally ransomware-as-a-service affiliates executing crimes of opportunity for financial gain.
However, the new commentary is that these nation-states are hacking networks like yours - not to cause you chaos right now, but to use your network and your Zombies as a staging point for attacks on the United States of America's Critical Infrastructure in a future conflict.
You've heard stories about giant botnets attacking the Pentagon or other critical infrastructure. They are made up of everything from the compromised router or computer in your home to the Zombies on your network.
These reports appear to focus first on end-of-life, exposed, and unsupported IoT devices, such as video security cameras, and then encompass everything else.
As part of your Security Awareness Training, you should remind your staff and students to be vigilant in keeping their homes and personal equipment well-maintained. This includes antivirus/EDR, patching, and home/router firewalls.
Recently, a report surfaced indicating that select D-Link and NETGEAR home routers had been compromised. Other brands are affected as well.
I am reminded of a story from a few years ago, where a woman was at home on her personal network, VPNing into work. Her son's very popular gaming system was also sitting on her personal network. Her son's gaming system saw the VPN tunnel and attempted to access the woman's corporate network!
Scary stuff.
Protect your District and your Country, and join me in exterminating every Zombie you can find.
Acture Solutions is happy to help you kill your Zombies in any way we can. Give us a call.
Scott Quimby
Senior Technical Advisor
vCISO
CISSP