SecureWorld News

Coronavirus Cybersecurity Question: Is Home Networking Gear Secure Enough?

Written by Clare O’Gara | Mon | Mar 30, 2020 | 4:31 PM Z

As COVID-19 continues to spread and change the world we live in, people everywhere are giving serious consideration to their physical health.

Some, however, are taking things a step further by looking into their screens and taking another layer of safety into account: cybersecurity.

Coronavirus 'work at home' potentially exposes corporate networks

With employees globally shifted into remote work, home networking and other personal computing devices are now on the front lines for protecting corporate data and the enterprise.

Greg Young, Vice President of Cybersecurity at Trend Micro, puts it like this:

"In the best of times, remote workers are often left to their own devices (pun intended) for securing their work at home experience. Home offices are already usually much less secure than corporate offices: weak routers, unmanaged PCs, and multiple users means home offices become an easier attack path into the enterprise."

And now Mark Warner, the U.S. senator from Virginia who is active on cybersecurity-related issues, is asking the makers of networking and router devices to do more to keep their products secure.

"I request your attention and diligence to help protect the consumer devices you sell," Warner wrote. "Both new and older devices in use deserve protection from cybersecurity threats, including timely updates to mitigate vulnerabilities and exposures."

Warner sent letters to these six manufacturers:

•  Google
•  Netgear
•  Belkin
•  Eero
•  Asus
•  Commscope

How can home networking devices be made more secure?

Overall, the theme of Warner's appeals to these vendors was ensuring cyber safety.

In his letter to Netgear, Senator Warner explained the increasing significance of network security during this inherently insecure time:

"During this time, the security of consumer devices and networks will be of heightened importance. It is also imperative that consumer Internet infrastructure not be used as attack vectors to consumer systems and workplace networks accessed from home."

He also asked these companies to remain up-to-date in their capabilities and best practices:

"I ask that you ensure that the devices your company has manufactured continue to receive timely security updates needed to mitigate known vulnerabilities. Given the increased reliance on home networks for telehealth, distance learning, and telework, I also ask you to consider public outreach to alert your customers to steps they can take to better secure these products, including applying security updates."

This was part of his letter to each vendor asking them to maintain "cybersecurity hygiene."

Home routers target of new coronavirus cyberattack

Maximizing home router security is not just a worthwhile exercise; it may protect end users from home router hijackings that are already underway.

Recent research from Bitdefender identified an attack that's changing the DNS settings on home routers to redirect users to malware sites:

"What's interesting about the attack is that it stores malicious payloads using Bitbucket, the popular web-based version control repository hosting service. To make sure the victim doesn't suspect foul play, attackers also abuse TinyURL, the popular URL-shortening web service, to hide the link to the Bitbucket payload.

"Sure enough, the webpage to which users are redirected mentions the Coronavirus pandemic, promising to offer for download an application that will give out 'the latest information and instructions about coronavirus (COVID-19).'"

Not only does this attack take advantage of COVID-19 fears, it also preys on everyone forced to socially distance and isolate at home for the good of their communities.

It's also a perfect example of what Senator Warner is talking about.

The perspective from the cybersecurity community

Many cybersecurity experts are similarly concerned about the rapid shift to remote employment.

"The cyber threat landscape has expanded rapidly because all of a sudden employees around the world are working from their homes," says Detective Constable Kenrick Bagnall of the Coordinated Cyber Centre (C3) for the Toronto Police Service.

Hear more about how Bagnall thinks the coronavirus pandemic has altered the threat landscape in this episode of the SecureWorld Remote Sessions.

These Sessions are daily cybersecurity briefings to help InfoSec leaders and teams learn and network while face-to-face collaboration is on hold.