Importance of Securing Edge Devices
Over the last few years, devices deployed at the boundaries of interconnected networks, also known as edge devices, such as routers and network-attached storage (NAS) devices have become the target of sophisticated malicious activity.
Growing Threat to Edge Devices
The discovery by researchers at Cisco Talos of the malicious software (malware) called “VPNFilter” highlighted the growing threat to edge devices. As of May 2018, researchers at Cisco Talos estimated that at least 500,000 home and office routers and network-attached storage (NAS) devices in at least 54 countries were infected with the VPNFilter malware. The known devices affected by VPNFilter were Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices.
VPNFilter is a particularly dangerous malware: it persists on the infected device even after a reboot, works as an intelligence-collection platform capable of file collection, command execution and data exfiltration, and possesses a self-destruct capability that overwrites a critical portion of the infected device’s firmware and reboots the device, potentially cutting off internet access for hundreds of thousands of victims worldwide.
Researchers at Cisco Talos said that they’re unsure how VPNFilter infected close to half a million devices, but noted that most of the targeted devices were older models with known public exploits or default credentials that make compromise relatively easy. VPNFilter was ultimately degraded through coordinated action between law enforcement and cybersecurity companies, including the seizure of a domain that was part of the malware’s command-and-control infrastructure.
According to the nonprofit organization Cyber Threat Alliance (CTA), the VPNFilter activity prompted CTA members to take a closer look at the growing threat to edge devices. “The scale of such a threat would be tremendous, as there are millions of devices that fall within these categories,” CTA said.
Why Are Edge Devices Vulnerable to Cyberattacks?
Unlike computers and servers, which system administrators routinely pay attention to, edge devices, although vital to the operation of many organizations, receive very little or no oversight. Edge devices include network edge devices (routers, switches, wide area network (WAN) devices, VPN concentrators); network security devices (firewalls); network monitoring devices (network-based intrusion detection systems, NIDS); and customer premise devices (integrated access devices).
In the paper “Cyber Threat Alliance Joint Analysis: Securing Edge Devices”, CTA cited default configuration settings and backdoors as some of the reasons why edge devices are prone to cyberattacks.
Default Configuration Settings
Edge devices are typically shipped with pre-configured default settings, for instance factory login details, leaving it to the user to change these login details manually to make the device more secure. Many users, however, never get around to changing these factory login details, leaving the devices vulnerable to attack.
A case in point under default configuration settings is Mirai, a malware which at its peak infected hundreds of thousands of devices, many of them routers. These infected devices were then controlled by the attackers as a botnet, an army of infected devices used for malicious activities such as distributed denial-of-service (DDoS) attacks. The original Mirai malware is linked to the DDoS attacks on the website of cybersecurity journalist Brian Krebs. When one of the Mirai authors publicly released the malware’s source code, it was revealed that the malware had infected hundreds of thousands of devices by using a list of 61 factory or default login details.
Backdoors
A backdoor is an undocumented way of gaining access to a computer system without going through the system’s customary security mechanisms. Vendors of edge devices install backdoors in these devices for administrative purposes, to gain data on performance, maintenance or reliability. In some cases, backdoors are installed to aid law enforcement investigations. These backdoors, however, could be used by malicious actors to gain access to the device and the network.
A case in point under backdoors involves Barracuda’s hardware devices, including its web filter, web application firewall and SSL VPN, which in November 2012 were all found by a security researcher at Vienna, Austria-based SEC Consult Vulnerability Lab to have undocumented backdoor accounts that allow remote access.
In addition to default configuration settings and backdoors, the CTA cited two further reasons why these devices are vulnerable to cyberattacks: edge devices have no intrusion prevention systems or anti-malware solutions in place, and their near 100% uptime requirement delays patching.
As a consequence of these vulnerabilities, the CTA said that compromised edge devices have been used by malicious actors as a platform for further attacks, from the illicit use of computing power for cryptocurrency mining to monitoring traffic, establishing persistent access to target networks or systems, exfiltrating information, and launching offensive cyberattacks on networks to “deny, degrade, disrupt, or destroy information or infrastructure”.
Cybersecurity Best Practices
Malware such as VPNFilter and Mirai, backdoors, the absence of anti-malware and anti-intrusion solutions, and the high uptime of edge devices all mean that these devices require the same diligence as protecting your organization’s computers and servers.
As recommended by the CTA, here are some cybersecurity best practices to protect your organization’s edge devices from becoming the target of sophisticated malicious activity:
- Practice network segmentation.
- Ensure all factory login details are updated during the installation process and during every update.
- Install the latest security updates of all edge devices as timely as possible.
- Regularly review configurations of networking devices.
- Limit connections to the management interface to only trusted, secure hosts.
- Ensure that all communication between edge devices is encrypted.
- Regularly monitor the behavior of network edge devices.
- Buy edge devices only from trusted suppliers.
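Several of these practices (changing factory login details, limiting management access to trusted hosts, encrypting management traffic, regularly reviewing configurations) can be checked mechanically. The following is an added example, not code from the CTA paper or from any vendor: it audits a constructed key=value configuration export (a hypothetical format, not a real device's) against those practices, showing a weak configuration beside a hardened one. The default-credential set is a small illustrative placeholder, not the 61 logins Mirai used.

```python
import ipaddress

# Constructed sample configs in a generic key=value style (not a real vendor's format).
WEAK_CONFIG = """\
# factory defaults left in place
admin.username=admin
admin.password=admin
mgmt.telnet.enabled=yes
mgmt.http.enabled=yes
mgmt.https.enabled=no
mgmt.allowed_hosts=0.0.0.0/0
"""

HARDENED_CONFIG = """\
admin.username=netops
admin.password=c0rrect-horse-battery-staple
mgmt.telnet.enabled=no
mgmt.http.enabled=no
mgmt.https.enabled=yes
mgmt.allowed_hosts=10.0.5.0/24,10.0.9.12/32
"""

# Illustrative factory logins; a placeholder set, not the list Mirai shipped with.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "")}

def parse_config(text):
    """Turn key=value lines into a dict, skipping blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return the CTA practices the config violates, in a fixed order."""
    findings = []
    if (cfg.get("admin.username", ""), cfg.get("admin.password", "")) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    # Telnet and plain HTTP carry admin credentials in the clear; only HTTPS (or SSH) should be on.
    if cfg.get("mgmt.telnet.enabled") == "yes" or cfg.get("mgmt.http.enabled") == "yes":
        findings.append("cleartext-management")
    try:
        nets = [ipaddress.ip_network(h, strict=False) for h in cfg.get("mgmt.allowed_hosts", "").split(",")]
        if any(n.prefixlen == 0 for n in nets):  # 0.0.0.0/0 means any host may reach the admin UI
            findings.append("management-open-to-any")
    except ValueError:  # empty or malformed ACL: treat as unrestricted
        findings.append("management-acl-missing")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_config(text)))
```

Run it on a periodic schedule against exported configurations and alert on any non-empty finding list; that turns the "regularly review configurations" item into a repeatable check.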
Your computer network might be vulnerable if you are using outdated devices or software. Call today or email to book a consultation, and our IT and security experts will be happy to help identify and address the vulnerabilities.