Most of us all work on laptops or desktops everyday. It’s pretty easy to assume that cybersecurity generally stops there. You’ve got your secure passwords, your antivirus, and that little icon on the bottom right telling you that you are secure—you should be good to go then, right?
Unfortunately, it’s more complex than that.
With the rare exception of certain industrial machinery and older equipment, almost every device that connects to your network and communicates with other devices has some level of cybersecurity risk. While you might have your individual workstations protected with antivirus and anti-malware, and you are keeping your workstations and laptops updated, the other endpoints and devices on your network can still be compromised and serve as a way in for other threats.
I think this list is going to surprise even our more technical readers.
Back in 2017, a hacker who calls themselves Stackoverflowin was able to write a script that hijacked 150,000 printers across the world. This includes printers from over 20 different manufacturers, including brands like Canon, Brother, Epson, HP, and Samsung. Stackoverflowin was able to send documents to these printers to print out messages. While the attack was otherwise harmless, it just goes to show that these devices can be controlled and manipulated very easily.
This type of attack essentially formed a thing called a botnet. We’ll be mentioning botnets again later on. A botnet is when someone has little control over a huge number of random devices across the internet. They can then use their army of devices to attack other entities on the internet, which leads us to our next topic:
In 2021, the world witnessed the largest recorded Distributed Denial of Services (DDoS) attack yet. A DDoS attack when a botnet of hundreds, thousands, or even millions of devices swarm together to constantly ping a single website or service on the Internet. Think of it as a grocery store that has way more foot traffic than it was intended to have, or a highway that gets backed up.
This attack hit its target with 17.2 million requests per second, which is three times larger than the largest DDoS attack before it. The attack came from a wide variety of compromised devices, but the majority were smart appliances and other Internet of Things (IOT) devices. IOT devices can include everything from smart light bulbs to thermostats to washing machines that connect to your smartphone. Here’s the thing; if cybercriminals can hijack these devices and use them to attack other entities on the Internet, they can likely use them to gain deeper access to more important systems on your network.
Securing your network is more important than ever, since these devices are everywhere. Speaking of your network:
All of the devices that send and receive network traffic throughout your office are just as vulnerable as the workstations and laptops that your users work on. In fact, just last month a new form of stealthy malware was discovered infecting popular home and small business-class network routers. It allows hackers to take full control over connected devices whether they are running Windows, Linux, or macOS operating systems.
It’s believed that this malware, dubbed ZuoRAT, was created by a large organization or nation-state, simply due to how complicated and advanced it is. It’s extremely hard to detect, and can potentially grant a lot of control to a malevolent actor. Beyond using it to control other devices on the network, it can also be used to push additional malware out, often bypassing other security measures that exist on the other side of the router.
Those teeny-tiny in-ear Bluetooth earbuds can even pose a risk if you aren’t careful.
It turns out that a vulnerability found in one of the microcontrollers within a handful of Bluetooth earbuds can be exploited so hackers can gain control over the device and join a botnet. Right now, this threat has only been toyed with by researchers (to our knowledge), but security experts were able to hijack their own Bluetooth earbuds and disable Bluetooth and wireless connections from the device it was connected to. That might not sound so bad, but imagine if your business had networked physical security in place that could be turned off with an exploit like this.
That doesn’t mean it’s time to ban all wireless headphones and earbuds from the office, but it does mean that you need to ensure that your network is hardened to protect it from general threats.
We can help protect your network and your business from the ever-growing list of threats. We take a security-first approach to everything we do. It all starts with an evaluation of your existing network. Give us a call at (866) 546-1004 to get an appointment.
Comments