Between The Hacks


Is Working From Home A Threat To Your Home Network?

Fear that your work computer is a “zombie” computer controlled by a threat actor has likely not been high on the list of concerns for most new work-from-home employees in recent weeks. But the unfortunate fact is that your work computer might be the device that lets a threat actor into your home network. According to research conducted by the cybersecurity companies Arctic Security and Team Cymru, more than 50,000 U.S. organizations have sent their employees to a work-from-home environment with malware-infected computers.

How did this happen? The typical home network and the typical corporate network are very different. On a corporate network, your computer is well-protected. Firewall rules and cybersecurity tools block certain types of traffic that is known to be malicious or suspicious, so that if a device becomes infected, the malware is unable to reach a threat actor on the Internet. This is sometimes not the case when an employee takes their work computer outside of the corporate network to work at home. Without the corporate network cybersecurity tools in place, the malware can successfully reach the threat actor, thereby giving them access to your computer and the network on which it is running. These days, that network is likely your home network. Now, your malware-infected “zombie” computer is silently under the control of a threat actor who can see and possibly control your computer and explore your home network.

“Our analysis indicates that the employees’ computers were already hacked before COVID-19 made the news, but were lying dormant behind firewalls, blocking their ability to go to work on behalf of the threat actors,” explained Lari Huttunen, senior analyst at Arctic Security, a security services company in Finland. “Now those zombies are outside firewalls, connected to their corporate networks via VPNs, which were not designed to prevent malicious communications.”

These findings should be eye-opening for work-from-home employees and their employers. Team Cymru experts say that this research provides organizations with an unprecedented opportunity to assess the extent of compromise within their organizations, rather than hiding behind a “block and forget” security mentality. “Block and forget” means that the organization’s cybersecurity team blocks outgoing malicious traffic and then forgets about the issue, rather than finding and removing the malware.

While the cross-infection of networks is not a new problem, the massive number of people suddenly working from home has illuminated how many companies follow the dangerous “block and forget” method of managing cybersecurity.

What Can Organizations Do?

Organizations need to address the problem, not the symptoms. The problem is that a computer is running malicious code, and just blocking its ability to communicate with a botnet or threat actor doesn’t solve that. Organizations need to get rid of the malware itself. There is an old cybersecurity saying that states, “If a computer is infected with malware, it can no longer be trusted.”

If an organization practices the “block and forget” method, the malware can’t reach a threat actor on the Internet to give them access to your computer, but unless the malware is analyzed or removed, there is no way of knowing if the malware is doing something else malicious. Just blocking known communications channels is dangerous. Organizations must identify threats and remove them, for example by re-imaging or replacing infected systems.
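The practical consequence of the two paragraphs above is that a firewall’s outbound deny log is a list of hosts to investigate, not a list of solved problems. The following is an added example, not code from this post or from Arctic Security or Team Cymru: it reads constructed firewall log lines in a simple made-up format, keeps only outbound denies to a constructed blocklist of destinations, and reports the hosts that keep trying to reach them, which is the signal that something is still running on the machine and it should be pulled for analysis or re-imaging rather than blocked and forgotten. The log format, the blocklist, the host addresses and the `min_attempts` threshold are all assumptions for the example; a real firewall logs in its own format.

```python
"""Turn outbound firewall denies into a remediation list (added example).

Every name and value here is constructed for illustration: real firewalls
have their own log formats and real blocklists come from threat intel feeds.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format: "<timestamp> <ALLOW|DENY> out <src> -> <dst>:<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) out "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)

# Constructed blocklist of destinations the perimeter firewall denies
# (documentation address ranges, not real infrastructure).
BLOCKLIST = {"203.0.113.10", "198.51.100.77"}

# Constructed sample log: host .23 repeatedly retries blocked destinations,
# host .41 hits one only once and otherwise behaves normally.
SAMPLE_LOG = """\
2020-04-01T09:00:01 DENY out 10.0.5.23 -> 203.0.113.10:443
2020-04-01T09:05:02 DENY out 10.0.5.23 -> 203.0.113.10:443
2020-04-01T09:10:03 DENY out 10.0.5.23 -> 203.0.113.10:443
2020-04-01T09:15:04 DENY out 10.0.5.23 -> 198.51.100.77:8080
2020-04-01T09:02:00 ALLOW out 10.0.5.41 -> 93.184.216.34:443
2020-04-01T09:12:00 DENY out 10.0.5.41 -> 203.0.113.10:443
2020-04-01T09:13:00 ALLOW out 10.0.5.41 -> 93.184.216.34:443
"""


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def blocked_outbound_by_host(log_text):
    """Map each source host to its (timestamp, destination) denies to blocklisted IPs."""
    hits = defaultdict(list)
    for rec in parse(log_text):
        if rec["action"] == "DENY" and rec["dst"] in BLOCKLIST:
            hits[rec["src"]].append((datetime.fromisoformat(rec["ts"]), rec["dst"]))
    return hits


def hosts_needing_remediation(log_text, min_attempts=2):
    """Hosts whose repeated blocked attempts show the code causing them is still running.

    A single blocked connection can be a fluke (a stale link, a bad ad), so a
    threshold is applied; repeated attempts to the same blocklisted destinations
    are the classic beaconing pattern the firewall block alone does not fix.
    """
    flagged = {}
    for host, attempts in blocked_outbound_by_host(log_text).items():
        if len(attempts) < min_attempts:
            continue
        attempts.sort()
        flagged[host] = {
            "attempts": len(attempts),
            "destinations": sorted({dst for _, dst in attempts}),
            "first_seen": attempts[0][0].isoformat(),
            "last_seen": attempts[-1][0].isoformat(),
        }
    return flagged


if __name__ == "__main__":
    for host, info in hosts_needing_remediation(SAMPLE_LOG).items():
        print(f"{host}: {info['attempts']} blocked attempts to {info['destinations']} "
              f"between {info['first_seen']} and {info['last_seen']} "
              "-> isolate the host and re-image it")
```

Run as a script it lists 10.0.5.23 with four blocked attempts and two destinations; 10.0.5.41 stays below the threshold. The output is meant to feed a ticket queue for the endpoint team: the block stays in place, but the host also gets isolated, analyzed and re-imaged, which is what the “block and forget” approach leaves out.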

Ultimately, the best option for organizations is to put security tools on each endpoint and implement a zero trust network, which means that the corporate network is treated much like a public network where no device is trusted and nothing is available to devices (like printers or network shares or web services) unless specifically provisioned to a device and/or user. This is a difficult thing to implement and it takes a lot of time and effort unless you have the luxury of building your zero trust network from the ground up.

What can you do?

Nobody asked for this pandemic and while I have been tough on the organizations who practice “block and forget”, they didn’t see it coming either. The best thing that you can do to protect your home network is to implement home network segmentation.

You can read more about that in my home network segmentation blog, but there are also some simple and effective things that you can do today without purchasing anything.

  1. Firmware Updates: Log into your home router and check to see if there are any firmware updates. There likely are and unfortunately, many routers do not update themselves. Try to remember to do this at least a few times per year if not every month. And, for your next router, be sure it supports automatic updates.

  2. Operating System Updates: This should happen automatically each month, but just in case, check to see if your operating system has any security updates. Here are instructions for Windows and macOS.

  3. Guest Network: See if your home router offers a guest network. Most do these days, and it is there to give Internet access to the guests in your home without giving them access to the devices on your home network. Activate the guest network with WPA2 and create a good password. This is now your “work” network and will isolate your work computer from your personal devices but still give you Internet access so you can VPN into work, video conference, and surf the web without fear of a malware-infected “zombie” work computer spreading the malware to your personal devices.

Historically, organizations have been very concerned about personal devices on their network. The Bring Your Own Device (BYOD) craze of a decade ago had cybersecurity teams working hard to give employees a way to stay connected with their smartphones and tablets without giving them intranet access. They did this by creating guest networks. Now the tables have turned and, based on the research by Arctic Security and Team Cymru, the threat of malware coming from a work asset is a reality. It’s time to take control of your home network and isolate those work devices from your home network assets.