Are Hackers Using Your Employees’ Home Networks to Attack You and Them
The short answer to this is yes.
Why? Because no one is managing your employees’ home networks.
We have seen networks where the firewall has not been patched for years.
We have also seen home networks with no firewalls at all. Doesn’t your ISP provide you with a firewall? The answer is that they may. But even if they do it is probably configured to reduce the number of tech support calls that the ISP fields, not to maximize your security.
We have seen firewalls that have not been supported by the manufacturer for many years. After all, it still works so why should the ISP replace it. At their cost.
Of course, firewalls are only one device on your employees’ home networks.
What about all of the home gadgets like Siri and Alexa. Well some of them patch themselves – at least as long as their manufacturer chooses to support the device. The manufacturer MAY tell your employee when the device is no longer supported. Then again, maybe not. Do you think your employee understands which devices are being patched and which ones are not?
Optimally, you should isolate those devices on their own sub-network. Probably 1 in 1,000 home networks do that.
Just this month we have seen two issues with routers.
The first is Zyxel. They said that hackers are actively exploiting unpatched routers.
The other is Asus. They say owners should patch critical router vulnerabilities.
How many of your employees even know the maker of their network equipment?
Almost none of them patch those network devices so that they are less vulnerable.
Of course attackers know this so they target those home networks.
What do they do after they compromise those home networks? They use that beachhead to attack your employees’ computers and also to attack your corporate network.
Need help figuring this out? Contact us.
As a White Hat Hacker, this is exactly the way I would attack a corporate network. It’s a lot easier than a Corporate firewall.