Here’s the word from the FBI: hundreds of thousands of firewalls are porous enough to drive a small business into the ground.
Sadly, that’s not hype – if anything, it may be an understatement. You know the brands: Linksys, MikroTik, NetGear, TP-Link, QNAP, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, ZTE. If you’re among the SMBs acquiring gear from big box stores, you may be putting your business at risk. Firewalls, after all, don’t fix themselves automatically.
In case you missed it (and if you did, you certainly weren’t alone), last spring, the FBI issued an urgent advisory recommending that users reboot their routers to thwart a Russia-linked malware infection responsible for compromising more than half a million devices. Cisco’s Talos threat intelligence team revealed the existence of the sophisticated malware – known as VPNFilter — that infected devices across at least 54 countries. According to Talos, the malware can “intercept network traffic and inject malicious code into it without the user’s knowledge.” A subsequent alert in early June revealed that VPNFilter is actually more noxious and has compromised more SMB routers than initially reported.
Since then, of course, massive attacks and breaches (Equifax, Marriott, Tribune Company, etc.) have become almost routine. VPNFilter, which effectively turns the firewall against the user, is a silent killer. It’s capable of disabling the infected device completely and rendering it unusable. It can be triggered on individual infected machines or en masse to cut off Internet access for hundreds of thousands of victims.
According to the IT journal Cyware, VPNFilter is believed to be the creation of Russian hacking group Sofacy, also known as Fancy Bear, APT28 and Pawn Storm. The group has been previously linked to several cyber attacks including the NotPetya ransomware outbreak, the BlackEnergy attacks targeting Ukraine’s power grid and the DNC breach during the 2016 presidential election. Per Talos’ analysis, significant similarities were observed between VPNFilter’s code and versions of the BlackEnergy malware.
For anyone who purchased a product like D-Link or NetGear from Best Buy or Wal-Mart, this is a wake-up call. Back to that matter about users not getting the memo: corporate IT departments acted quickly in response to the FBI advisory but small businesses and home users, dispersed as they are, were left to fend for themselves, largely in the dark. That memo you almost certainly didn’t get says in the strongest terms possible: you are not protected. You may unwittingly be relying on routers and other devices that threaten your computer network. To put it bluntly, bad actors in India and Russia are pounding on you, and they now have the full set of keys to the kingdom.
I’m not an alarmist by nature, but this hack is genuinely problematic, primarily because it illuminates a hole not simply in router/firewall security but in the way manufacturers and retailers communicate with users. Or don’t. For perhaps obvious reasons, neither affected manufacturers nor retailers have an incentive to alert small businesses and address the problem. IT professionals travel in a different crowd, one attuned to the language of risk. Small businesses tend to be more concerned with keeping the lights on.
If your server isn’t already in the cloud, it needs to be. VPNFilter was repurposed expressly to attack devices obtained via the consumer channel and deployed in environments where no one – and no technology – is available to monitor and log traffic.
As it has matured, the cloud has become the safest neighborhood in town. Indeed, data is considerably more secure in the cloud than parked on equipment under someone’s desk. Any cloud provider worth its salt brings to the task a phalanx of time-tested tools, procedures, and technologies that ensure continuous uptime, regular backups, data redundancy, data encryption, anti-virus/anti-malware deployment, multiple firewalls, intrusion prevention, and round-the-clock monitoring.
For SMBs, the perils of shortchanging security are clear. The firewall is supposed to be hardened against these kinds of threats, but how do you protect the network when your shield is vulnerable? That’s why it’s vital for small businesses to have a cloud hosting provider who will handle security for them, with intrusion detection and prevention technologies and the like as a given. In a time when hacks can be toxic, doing anything less is capitulation.
The good news is that bullets can be dodged. SMBs simply need to know where they’re coming from.