You may also like:
Azure ExpressRoute: Faster, Highly Secure and Predictive
In cybersecurity jargon, the situation can be described as “a significant increase of cyberattacks due to the expansion of the attack surface and the acceleration of new vectors of attack”; allow me to translate. If we forgo the fancy jargon, we are saying that now we have to protect more points of potential access (attack surface) from an increasing number of types of attack (attack vectors). I will get back to this assertion.
So, the question remains, why the sudden increase. At first glance, it could seem counterintuitive; let’s elaborate a bit. The pandemic caused (and in many cases keeps doing it) major lockdowns, business disruptions, temporary and permanent closures, etc.
So, it will seem to stand to reason that with fewer businesses operating at standard capacity, the number of cyberattacks should be proportionally reduced, except that we know for a fact that the reality shows quite the opposite.
To understand this phenomenon, we need to analyze what happened and what was the reaction of most companies in the face of the crisis. Overnight, most countries were facing a mandatory, or at least a strong recommendation to stay at home, which in turn forced companies to devise ways to all the sudden accommodate an unprecedented, even unthinkable, number of employees that needed to work from home.
We all should agree that nobody in IT or Telecom could have predicted or planned to have 80% or more of the workforce working remotely. The systems, including available bandwidth, security appliances, etc. were not designed to sustain that level of workload.
In a pre-crisis scenario, most companies had some degree of remote working, usually the “road warriors,” but that amounted only to a fraction of the total workforce.
Furthermore, the persons authorized to work remotely were either equipped with company-issued controlled devices (e.g., smartphone, mobile Wi-Fi hotspot, laptop, hardware token generators, etc.), or if the company allowed to do BYOD (Bring Your Own Device), those devices were subject to strictly enforced security policies. In jargon terms, the attack surface was well-known, limited, and controlled.
When the crisis stroke companies were forced to improvise and, reluctantly but certainly, relax their “security posture” (jargon for the overall readiness to withstand or mitigate attacks). Devices that were not prepared to be operating outside a controlled environment (i.e., the corporate LAN) were allowed to be used in unknown environments; many workers were permitted to BYOD but without enforcing security policies.
Unless you are into cybersecurity, the chances are that security at home is just a password for the Wi-Fi (and if you have kids, it’s probably something quite easy to remember) and the default configuration that your ISP put into the modem/router that connects you to the Internet.
More to the point, of all the devices connected to your Wi-Fi (the ones you know and the ones you do not), many of them could be highly vulnerable and be used to attack and gain unauthorized access to your home network.
Exploits (more jargon; an exploit is a type of attack that has a successful implementation; in other words, it works in a real-life scenario, not just in theory) like “krack” (https://en.wikipedia.org/wiki/KRACK) and more recently “kr00k”, both used bugs on the implementation of the WPA2 (Wi-Fi Protected Access version 2) protocol that encrypts the Wi-Fi traffic. With kr00k alone, the estimation of affected devices was in the billions. The good news is that a fix for most devices exists, and many vendors already applied it.
Now, if you think that nobody will mess up with your Wi-Fi because even within your house, you can barely get a decent signal, so the attacker will have to be sitting in your living room to do any harm, think again. Probably you never heard about “War Driving” or “War Walking.” Simply put, take a hacker, add a serving of hardware, a pinch of software, and a car just for good measure, and you have a mobile Wi-Fi password cracker that roams the city cracking and storing Wi-Fi passwords; replace the car with a backpack and voila, the same effect. And if you think that this is troublesome, now add a cheap readily available drone to the recipe, and you have a remotely controlled device suitable for wide-area surveillance and hacking that is quite hard to detect. I will leave it up to you to research about WASP (Wi-Fi Aerial Surveillance Platform) and Project Cuckoo.
Therefore, we can conclude that most homes do not qualify as a secure environment. It is worth noting that even if you have a strong VPN (Virtual Private Network) running on the company’s laptop (to secure your connection to the company systems), and even if you are using hardware generated tokens, that alone does not guarantee that other compromised devices within the same network (your home Wi-Fi) can be used by “cyber actors” (jargon for hackers) to remotely take control of your laptop and piggyback your secure connection to the company.
Back to the original assertion; now we can appreciate why and how the attack surface has grown several times fold; no longer do companies have to worry only about the security of their main offices, branches, and road warriors; but rather, they also have to rethink their whole security posture to include the homes of the personnel working remotely.
The combination of o broader surface attack, with the increased use of unsecured devices and networks, was like a Christmas present for most hackers. Hence the increased number of attacks. If you do not think this is serious enough, maybe the official FBI warning will change your mind.
“The FBI advises you to carefully consider the applications you or your organization uses for telework applications, including video conferencing software and voice over Internet Protocol (VOIP) conference call systems. Telework software comprises a variety of tools that enable users to remotely access organizational applications, resources, and shared files.
The COVID-19 pandemic has led to a spike in businesses teleworking to communicate and share information over the internet. With this knowledge, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities [emphasis added].” – Alert I-040120-PSA FBI (IC3) (30-Mar-2020)
Securing the “Work From Home” is quite a challenge, but it is not impossible. A combination of antivirus, antimalware, firewalls, VPNs, and more recently, SD-WAN does help. In fact, SD-WAN can play a significant role. Most tend to think of SD-WAN in terms of a complicated and expensive platform that can connect main offices, branches, etc. However, SD-WAN can be as simple as small, inexpensive devices that can be shipped to the homes we need to protect and then configured and managed remotely.
Now, if you think that nobody will mess up with your Wi-Fi As an additional benefit, SD-WAN at home can transparently aggregate a second broadband Internet service or a Wireless 4G/LTE connection, effectively increasing the bandwidth available for demanding applications like video conferencing, screen sharing, etc. Now your kids can keep squeezing every megabit out of your home Internet connection streaming to their heart’s content, and you will still be able to hold that important video conference in a more secure way and without freezing up.
For more about the benefits of SD-WAN, you can check the recorded version of my Webinar, “Reducing your Telecom Cost while Increasing productivity,” here: