Botnet Attack Targeted Routers: A Wake-Up Call for Securing Remote Employees’ Hardware


Update: Multiple U.S. and international government agencies released an advisory Feb. 7 detailing the Volt Typhoon attacks. The threat actors targeted and compromised the IT environments of U.S. communications, energy, transportation and water infrastructure in the continental U.S. as well as non-continental areas and territories, such as Guam.

Original article: State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached end-of-life status.

Department of Justice investigators said on Jan. 31, 2024, that the malware has been deleted from affected routers. The investigators also cut the routers off from other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.

Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations. On Jan. 31, 2024, the FBI revealed that an investigation into the same group of threat actors in December 2023 showed attackers sponsored by the government of China had created a botnet using hundreds of privately owned routers across the U.S.

The attack was an attempt to make inroads into “communications, energy, transportation, and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, said Wray in the press release.

SEE: Multiple security companies and U.S. agencies have their eyes on Androxgh0st, a botnet targeting cloud credentials. (TechRepublic)

The attackers used a “living off the land” technique to blend in with the normal operation of the affected devices.

The FBI is contacting anyone whose device was affected by this specific attack. It hasn’t been confirmed whether employees of a particular organization were targeted.

How to reduce cybersecurity risks from botnets for remote workers

The fact that the targeted routers are privately owned highlights a security risk for IT pros trying to keep remote workers safe. With IT staff not overseeing the routers used at home, it is hard to know whether employees may be using old or even end-of-life routers.

Botnets are often used to launch distributed denial of service attacks or to distribute malware, so defenses against those are important components of a complete defense against botnet attacks. Botnets are typically directed by a centralized command and control server.

Organizations should ensure they have good endpoint protection and proactive defenses. To harden devices against being used in botnet attacks:

  1. Keep software and hardware up to date, since end-of-life devices are particularly vulnerable.
  2. Run regular security scans.
  3. Institute multifactor authentication.
  4. Keep employees informed about cybersecurity best practices.

In the Feb. 7 advisory, the Cybersecurity and Infrastructure Security Agency released the following mitigations for IT teams to prevent Volt Typhoon activity:

  1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon.
  2. Implement phishing-resistant MFA.
  3. Ensure logging is turned on for application, access, and security logs, and store logs in a central system.

“Proactively conducting thorough tech inventories of assets beyond the traditional office is essential,” said Demi Ben-Ari, chief technology officer of third-party risk management technology firm Panorays, in an email to TechRepublic. “This approach assists in identifying outdated technology, ensuring that remote workers have up-to-date and secure equipment.

“While remote work introduces potential vulnerabilities due to varied environments, it is important to note that similar attacks could happen in an office setting,” Ben-Ari said.
