Do you have a small office / home office?

Researchers at Lumen's Black Lotus Labs recently spotted evidence of a highly sophisticated and tightly targeted campaign aimed at SOHO (small office/home office) routers across both Europe and North America.

Based on the evidence the team has collected thus far, their conclusion is that the unidentified actor must be state-sponsored. This is because garden-variety hackers do not typically have the tools, techniques, and procedures in place to pull off the kinds of attacks that the researchers are seeing.

It is telling that this campaign's ramp-up coincided with the pandemic-fueled shift to large numbers of employees working from home.

A new report about this hacker campaign

"This (the massive surge in people working from home) gave threat actors a fresh opportunity to leverage at-home devices such as SOHO routers - which are widely used but rarely monitored or patched - to collect data in transit, hijack connections, and compromise devices in adjacent networks.

The sudden shift to remote work spurred by the pandemic allowed a sophisticated adversary to seize this opportunity to subvert the traditional defense-in-depth posture of many well-established organizations."

 

The report goes on to say

"The capabilities demonstrated in this campaign - gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices and intentionally stealth C2 infrastructure leveraging multi-stage siloed router to router communications - points to a highly sophisticated actor that we hypothesize has been living undetected on the edge of targeted networks for years."

 

My perspective

This is a genuine threat. Although your IT resources are likely stretched thin as it is, one of the best ways you can minimize your risk is to assist your employees who are working from home with patch planning to make sure their gear is up to date and as well protected as possible.

Edward Murrow would say: good night, and good luck!

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always keep in mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.