Tech Tidbit – Comrade? Are the bad guys sitting in your house watching TV with you?

June 9th, 2026
Are the bad guys already living in your house, using your network and devices as members of a bot army to use your resources and bandwidth as a weapon against businesses, the US government, and the military?

One of the "go to" techniques of threat actors: when they hit a geo block between their host country and a business network, they simply switch to a subscription service called "Proxy as a Service".

What happens is the threat actor uses a compromised personal network to get around the block. Now, instead of the bad guys attacking directly from the foreign country, they quickly show up, for example, as an Optimum cable modem in Yonkers, NY, USA. Geoblocking is defeated, and the attack continues from an unknowing participant's house!

Recently, Cloudflare announced a record-breaking denial-of-service attack of over 31 Terabits! That number was most likely achieved by the growing botnet army comprised of people's personal devices and networks that have been successfully infected.

This morning, I was reading about the "Kimnet Android botnet" infecting at least 2 million TVs and other Android devices in people's houses!

There are a bunch of concerns and suggested actions:

Personally, you should make sure your firewalls, routers, cameras, TVs, Apple, Microsoft, and Android devices are updated to the latest firmware and security patches.

TVs are mostly Android devices. There are lists of known compromised cameras and firewalls/routers that should be removed from your network. If you have trouble determining whether your equipment is on that list, please reach out.

The federal government has announced a ban on overseas routers.

Remember, a lot of the "free" VPN clients that your kids are downloading are in fact Trojan horses trying to do bad things to you. As more states and sites implement age restrictions and proof-of-identity requirements, we have seen a surge in tools designed to circumvent these legal barriers.

If a threat actor can breach your personal network and infect your devices to bring that infection into your work network, that is pure gold for them.

If you work from home via a legitimate VPN connection, that connection might expose your personal network to your work network. VPN clients have specific settings to block local access, and those settings must be turned on.

If you are providing remote VPN access to your network, you need to ensure that your approved VPN clients have local access blocked on the remote machine. You need to ensure that anyone allowed to VPN into your network can access it only from a machine you maintain and manage. You also need to ensure that appropriate security updates and EDR defenses are in place and well-maintained for anything that touches your network. Finally, make sure that what the remote user can access is extremely limited (i.e., a single inside machine destination). Too many of you have broad "any/any" rules in place that give out substantially more than is reasonably necessary to provide appropriate functionality to the remote user. That is a huge exposure and a ticking time bomb in your network.

Please fix that ASAP.
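One way to find those broad rules is to audit an export of your firewall policy. The script below is an added example, not part of the original post or any vendor's tooling; the CSV layout, the zone name "vpn", and the rule names are constructed assumptions, so map them to whatever your firewall actually exports.

```python
import csv
import io
import ipaddress

# Constructed sample: a vendor-neutral rule export (assumed format, not from a real device).
SAMPLE_RULES = """name,src_zone,dst,service,action
vpn-legacy,vpn,any,any,allow
vpn-finance,vpn,10.20.0.0/16,tcp/3389,allow
vpn-jsmith-rdp,vpn,10.20.5.17/32,tcp/3389,allow
vpn-bad-ports,vpn,10.20.5.18,any,allow
lan-out,lan,any,any,allow
vpn-default-deny,vpn,any,any,deny
"""

def dst_host_count(dst):
    """Number of addresses a destination covers; None means unbounded ('any')."""
    dst = dst.strip().lower()
    if dst in ("any", "0.0.0.0/0", "::/0"):
        return None
    return ipaddress.ip_network(dst, strict=False).num_addresses

def audit_vpn_rules(rules_csv, vpn_zone="vpn", max_hosts=1):
    """Return (rule name, [issues]) for allow rules from the VPN zone that are too broad."""
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        # Only allow rules that originate from remote VPN users matter here.
        if row["src_zone"] != vpn_zone or row["action"].lower() != "allow":
            continue
        issues = []
        hosts = dst_host_count(row["dst"])
        if hosts is None:
            issues.append("destination is any")
        elif hosts > max_hosts:
            issues.append(f"destination covers {hosts} addresses")
        if row["service"].strip().lower() == "any":
            issues.append("service is any")
        if issues:
            findings.append((row["name"], issues))
    return findings

if __name__ == "__main__":
    for name, issues in audit_vpn_rules(SAMPLE_RULES):
        print(f"{name}: {'; '.join(issues)}")
```

The default `max_hosts=1` matches the "single inside machine destination" guidance above; raise it only where a remote user genuinely needs more than one host.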

And finally, if you are in a high-security environment, you need a commercial-grade firewall and switch at home that let you put the family on one network and your work equipment on its own, isolated network. Yes, that will cost more than running down to Best Buy and buying an off-the-shelf product, but that is the price of creating a truly secure remote work environment.

There is a lot to unpack for your home and for you to process as you oversee your networks.

Acture is ready to help you sort this all out and keep your networks safe and secure while keeping everyone productive in whatever they need to do.

Give us a call and let's talk through your specific requirements.