
Back in May, researchers discovered that hackers had gained access to over 9,000 ASUS home routers, enabling them to access and potentially control users’ systems. Even though ASUS addressed the flaw, the number of infected routers continues to rise. You’ll need to take action to protect yourself and your business.
Beyond the immediate threat, the ASUS router breach is a cautionary tale for small- and mid-sized companies: Your employees’ home networks might not be directly linked to your business, but access to your staff’s personal information can still give hackers a way in.
What Happened in the ASUS Router Hack?
Over several months, a hacking group known as ViciousTrap methodically gained access to over 9,000 ASUS RT-AX55 home routers. They used a complex chain of exploits to install a hidden backdoor that’s incredibly challenging to detect or remove.
According to GreyNoise, which discovered the breach, this hack may have been part of an effort to create a botnet: a network of remotely controlled computers that hackers use to conduct large-scale operations and hide their identities and locations.
ViciousTrap’s ultimate goal remains unknown, but it may have been working to collect information on unknown security flaws. Also known as zero-day vulnerabilities, these are some of the most potent ammunition hackers can come by.
ASUS quickly addressed the issue in a firmware patch, but they could only do so much. Their patch prevents this exploit from being used in the future, but an existing backdoor will still remain unless you disable the router’s secure shell protocol. On top of that, users who ignored the patch or have outdated equipment are still getting infected.
What To Do If You’re Vulnerable
If you use a vulnerable router, don’t panic. Hackers love it when you make rash decisions. Instead, slow down and take a deep breath.
The good news is, there are things you can do right now to help protect yourself. If you’re not sure how to do them, a managed security service provider (MSSP) in your area can help.
Update Your Router’s Firmware
Updating your router’s firmware will remove this exploit. However, it won’t get rid of an existing backdoor.
Block IP Addresses Associated With the Attack
GreyNoise detected four IP addresses which were involved in the attack:
- 101.99.91.151
- 101.99.94.173
- 79.141.163.179
- 111.90.146.237
Block these addresses to reduce your vulnerability to attacks from the same group. You may be able to do so in your router’s settings, your firewall, or your web hosting control panel.
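If your router or firewall keeps text logs, you can also check whether any of the four addresses has already shown up in them. The script below is an added example, not from GreyNoise or ASUS: it assumes syslog-style log lines and a Linux firewall managed with iptables, and the function names and sample lines are made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# The four addresses listed in this article (attributed to GreyNoise).
IOC_ADDRESSES = frozenset(ipaddress.ip_address(a) for a in (
    "101.99.91.151", "101.99.94.173", "79.141.163.179", "111.90.146.237"))

# Whole dotted quads only: 101.99.91.15 or 2.111.90.146.237 must not match.
_IPV4 = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

def ioc_hits(line):
    """Return the listed addresses that appear as whole IPs in one log line."""
    hits = set()
    for token in _IPV4.findall(line):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
            continue
        if addr in IOC_ADDRESSES:
            hits.add(str(addr))
    return hits

def scan(lines):
    """Return ([(line_no, text)], Counter of hits per listed address)."""
    matched, counts = [], Counter()
    for line_no, line in enumerate(lines, 1):
        hits = ioc_hits(line)
        if hits:
            matched.append((line_no, line.rstrip()))
            counts.update(hits)
    return matched, counts

def block_rules():
    """iptables commands that drop traffic from and to each listed address."""
    rules = []
    for addr in sorted(IOC_ADDRESSES):
        rules += [f"iptables -I {c} -s {addr} -j DROP" for c in ("INPUT", "FORWARD")]
        rules += [f"iptables -I {c} -d {addr} -j DROP" for c in ("OUTPUT", "FORWARD")]
    return rules

# Constructed sample lines (not real logs); 192.0.2.0/24 is documentation space.
SAMPLE_LOG = [
    "Jun  1 02:14:07 gw kernel: IN=eth0 OUT= SRC=101.99.91.151 DST=192.0.2.10 PROTO=TCP DPT=443",
    "Jun  1 02:14:09 gw kernel: IN=eth0 OUT= SRC=101.99.91.15 DST=192.0.2.10 PROTO=TCP DPT=443",
    "Jun  1 02:15:30 gw sshd[812]: Connection from 79.141.163.179 port 40112 on 192.0.2.10 port 22",
    "Jun  1 02:17:45 gw updater: fetched build 2.111.90.146.237 ok",
]
print(scan(SAMPLE_LOG)[1])
```

To use it on your own logs, pass an open log file to `scan()` in place of `SAMPLE_LOG`. A hit means the device talked to a listed address; treat it as a reason to follow the reset steps below.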
Consider Resetting or Replacing Your Router
If you have reason to believe your router has been compromised, you can still protect yourself. Here’s how:
- Perform a full factory reset, then reconfigure it manually.
- Disable secure shell protocol access, a setting that enables trusted users to remotely control your computer. This can make it harder to get technical support in the future, so be careful.
- If you want to be completely certain you’re safe, just get a new router.
6 Takeaways for Businesses from the ASUS Router Breach
There’s plenty for businesses to learn from this breach. Here are our top six takeaways:
1. No System is Impenetrable
A core tenet of cybersecurity is that everything has vulnerabilities. That means two things:
- There’s no such thing as an impenetrable system. There are only systems that haven’t been penetrated yet…as far as you know. There’s always some flaw or weakness that a hacker could exploit.
- Anything can be a vulnerability. It’s not just about computers and phones: Any networked device, no matter how mundane, is a potential vector for cyberattacks. (We once saw a hacker get into a company network through the printer.)
This is especially important for small- to mid-sized businesses to keep in mind because few of them have a dedicated cybersecurity team to ensure their devices are secure.
2. Patch, Update, and Upgrade Everything
Even after ASUS patched this vulnerability, the number of infected devices kept rising. That’s because outdated devices don’t receive security patches, making them wide-open targets for hackers.
Small businesses and home users both tend to keep using old, unsupported hardware because it still works and it’s expensive to replace. However, the longer a device is on the market, the more likely hackers are to find a vulnerability. Vendors fix these issues with ongoing patches and updates, but they eventually stop supporting older devices.
Even on supported devices, users ignore up to 87% of security updates because they’re annoying and disruptive. That’s understandable, but it still led to thousands of easily avoidable breaches in this case alone.
The lesson here for businesses is simple: Keep your gear up to date. Update your software, make sure all your hardware is still supported, and don’t shoo away those pesky security alerts – no matter how much you want to.
3. Your Employees’ Home Life Impacts Your Cybersecurity
You might work hard to protect your staff’s work-life balance, but hackers aren’t so respectful. They know personal data contains clues that could help them gain access to your business, so they often target your employees as a prelude to an attack on your company.
Even if it’s unrelated to your business, a personal data breach is an emergency that can keep employees home as surely as an illness or a car crash. A victim of identity theft may need a day or more at the DMV to resolve the issue. If your head of sales has their credit cards stolen, they might not be able to catch a plane to meet a key client.
4. Ensure Employees Use Personal Devices Safely
Once hackers have breached one device on your network, they can use it to access others. If an employee responds to a work email from their phone over a breached home router, that phone and email are both compromised. If they take that phone to work and connect to your network, your business becomes vulnerable as well.
Ideally, employees shouldn’t use their personal devices for work at all, but that’s not always realistic. In most sectors, people will inevitably use their own devices for work, whether or not you allow it. The best you can do is to give them a secure way to do so.
Here’s how:
- Protect your office devices and networks with a robust set of cybersecurity tools, including Managed Detection and Response (MDR) tools.
- Encourage employees to use company-issued devices for business purposes whenever possible.
- Establish a clear policy on the use of personal devices for business purposes.
- If you allow employees to use their own devices, require them to install your approved security tools and configurations.
- If you don’t allow personal device usage, give employees an alternative like a business phone or laptop they can take home.
- Remind them to keep up with all security updates for their personal devices.
- Require remote workers to connect to your network through a VPN.
- Ensure employees use a password manager for work-related passwords, and encourage them to do so for personal passwords as well.
5. Help Employees Update Their Personal Devices
Whether or not it’s used for work, any device that has contact of any sort with your network is a potential vulnerability. That’s why it’s critical to track all your employees’ devices and ensure they’re up to date. Some businesses even provide an incentive to help their staff upgrade personal devices.
Many businesses find it challenging to track all employee personal devices and make sure nothing slips through the cracks. Most established MSSPs offer device inventory and access management as part of their core service package to help with this.
6. Offer Cybersecurity Training and Education
Cybersecurity tools do a great job of protecting your business when they’re used properly. But if an employee unwittingly lets a hacker in, there’s only so much these tools can do.
Hackers have learned that tricking a person is usually easier than hacking a system, and the rise of generative AI enables them to target as many people as they want. Your employees, not your networks, are the primary targets for most cyberattacks.
However, employees can also be your first line of defense. You just need to show them how. With a mandatory cybersecurity training program, you can teach your employees to identify and report most scams. It’s the single best way to protect your business from hackers.
Protect Your Business with Expert Support
Every organization needs to protect itself from cyber threats, but maintaining an in-house IT and cybersecurity department just isn’t feasible for most small to mid-sized businesses. That’s where managed IT and cybersecurity services come in. Whether you need an expert team to implement your digital security suite or help training your employees, a reputable MSSP like LogicalNet can help.
A good MSSP won’t just set up your cybersecurity tools and keep your technology up to date. They’ll assess your risk profile, make security recommendations that fit the needs of your business, keep track of employees’ personal devices, and educate your team about digital security.
If you’re ready to get help securing your business, contact us today. We’d love to schedule a consultation and find out how we can help you stay safe. If you’re not in the Capital Region, we’d be happy to refer you to a reputable MSSP in your area.