The Invisible War at Home: Securing Your Network in a World of Cyber Threats

Covid sparked a shift to remote working which, studies show, the vast majority of Australians aren't willing to let go of. Allegations of state-backed hacker groups causing havoc, and more and more high-profile organizations falling prey to data breaches, seem a common occurrence in these times. Are they related? Should you be concerned?

Notable Cyber Incursions

Dyn 2016 Cyberattack

In 2016, Dyn was one of the most critical internet infrastructure providers in the US, supplying DNS services.

In October 2016, Dyn was hit with a staggering DDoS attack that took out huge swaths of the web. Sites like Twitter, Netflix, Spotify and Reddit suffered crippling interruptions and, in some cases, blanket outages.

It was later revealed that a botnet known as Mirai was responsible for the attack.

The Mirai botnet works by scanning for vulnerable IoT devices that have open ports or default usernames and passwords. Once it finds these vulnerable devices, it uses exploits to gain access and infects them with its malicious code. It then takes control of those devices, turning them into an army of bots that can be used to overload networks and servers with requests that degrade performance and, in some cases, cause total outages.
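
As an added illustration (not from the original article), here is a small Python detector for the scanning behaviour just described: it reads firewall log lines in a constructed, simplified format and flags any internal host that fans out to many distinct destinations on the telnet ports Mirai probes, which is what an infected IoT device on your network looks like from the firewall's point of view.

```python
"""Spot Mirai-style telnet scanning: an infected device fans out to many
random addresses on TCP 23/2323. Log format is constructed and simplified:
"<epoch> <action> <proto> <src>:<sport> -> <dst>:<dport>"."""
from collections import defaultdict
from ipaddress import ip_address

TELNET_PORTS = {23, 2323}   # ports Mirai's scanner targets
FANOUT_THRESHOLD = 5        # distinct destinations before we alert
WINDOW_SECONDS = 60         # sliding window for counting them

# Constructed sample: 192.168.30.12 (IoT VLAN) probes five hosts within 40s.
SAMPLE_LOG = """\
1700000000 block tcp 192.168.30.12:41000 -> 203.0.113.5:23
1700000005 block tcp 192.168.30.12:41001 -> 198.51.100.7:23
1700000010 pass tcp 192.168.10.20:52000 -> 198.51.100.200:443
1700000012 block tcp 192.168.30.12:41002 -> 203.0.113.77:2323
1700000020 block tcp 192.168.30.12:41003 -> 198.51.100.90:23
1700000040 block tcp 192.168.30.12:41004 -> 203.0.113.120:23
1700000050 pass tcp 192.168.10.20:52001 -> 203.0.113.5:23
"""

def parse_line(line):
    ts, action, proto, src, _, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), action, proto, src.rsplit(":", 1)[0], dst_ip, int(dst_port)

def find_scanners(log_text):
    """Map each private source IP to the distinct telnet targets it probed,
    for sources reaching FANOUT_THRESHOLD targets inside one window."""
    attempts = defaultdict(list)  # src -> [(ts, dst_ip)]
    for line in log_text.splitlines():
        ts, _, proto, src, dst, dport = parse_line(line)
        # blocked or passed does not matter: the attempt itself is the signal
        if proto == "tcp" and dport in TELNET_PORTS and ip_address(src).is_private:
            attempts[src].append((ts, dst))
    scanners = {}
    for src, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct destinations seen within WINDOW_SECONDS of this attempt
            in_window = {d for t, d in events[i:] if t - start <= WINDOW_SECONDS}
            if len(in_window) >= FANOUT_THRESHOLD:
                scanners[src] = sorted(in_window)
                break
    return scanners

if __name__ == "__main__":
    for host, targets in find_scanners(SAMPLE_LOG).items():
        print(f"ALERT {host} probed {len(targets)} hosts on telnet ports: {targets}")
```

On the sample above only the IoT-VLAN host trips the alert; the home laptop's single telnet attempt does not.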

Whilst this did not occur during Covid, it demonstrates how home networks are vulnerable and can be weaponised.

How many old IoT devices do you have connected in your home? 🤔

Amazon Ring Cameras - Unauthorized Access

Amazon Ring is one of the leading video doorbell and home security companies around.

In 2023 the US Federal Trade Commission came to a $5.6 million settlement agreement with Amazon Ring to refund customers.

The FTC accused Ring of failing to implement basic security measures to protect users from threats such as credential stuffing and brute force attacks. The FTC alleged that between January 2019 and March 2020, more than 55,000 customers had their Ring devices compromised. In some instances cybercriminals used the two-way communication to terrorise Ring customers:

  • Several women lying in bed heard hackers curse at them
  • Several children had racist slurs thrown at them
  • An elderly woman in an assisted living facility was sexually propositioned and physically threatened
  • A digital intruder told a woman through her camera that they had killed her mother, and then said: “Tonight you die”
  • A woman was told her location was being tracked and that her device would self-destruct at the end of a countdown. She disconnected the device before the countdown ended.

It was also brought to light that a number of former Amazon Ring staff were dismissed for misusing their access to spy on customers through their cameras.

Sad to learn that the very product intended to provide security has instead become a vulnerability over the years. 😞

Lastpass 2022 Data Breach

If you haven't already heard of this one, strap in. 🎢

For anyone who doesn't know, Lastpass is a password manager and vault application used by more than 33 million users globally.

In 2022, Lastpass had a BYOD policy in effect for their IT employees, like many other companies.

One of four DevOps engineers was targeted by an attacker. The attacker managed to compromise the staff member's laptop through an old vulnerability in a third-party media software package called Plex. Apparently this was used for personal purposes. The laptop was infected with a keylogger, allowing the attacker to capture the engineer's vault master password as it was entered. A tailgate approach was then used to gain access to the company's corporate VPN network, and third-party VPN services were used to mask the attacker's location.

The attacker ultimately gained access to LastPass’ technical documentation, source code repositories, credentials, certificates, AWS access keys, and data backups which contained customer and vault data.

It blows my mind that a company selling security related products so easily fell prey to this incident. The attacker was able to operate undetected by Lastpass for almost three months in their AWS networks.

Being a DevOps engineer myself, this story really hits home (all pun intended). 🏠

Home Router Vulnerabilities

As I write this article, F5 Labs reports TP-Link's CVE-2023-1389 as the fastest-growing vulnerability seen by its internet sensors in April 2024.

It's reported that exploit code for the CVE shows malicious actors taking over weak IoT devices to enrol them in Mozi botnets.

Mozi has been linked to a wide number of vulnerable IoT devices, including routers from Netgear, Huawei, D-Link, GPON, and TP-Link.

Volt Typhoon

In March 2024, the US and its ‘Five Eyes’ global intelligence partners issued a warning about a Chinese state-sponsored hacker group known as Volt Typhoon targeting critical infrastructure.

Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities. It's been alleged that the hackers have successfully gained access to communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam. The devices that have been compromised are lying dormant, awaiting the right moment to strike. ⚡

The problem when they do strike is that, generally, the devices activated are the ones geographically closest to the destination deemed a target. So to the engineers trying to remediate the malicious traffic… it just looks like traffic from what appear to be normal, native users.

Turning Awareness into Action

I think I've laid it all out on the table for you. We've seen everything from widespread disruption to intimate invasions of privacy, and let's not forget, even the companies that pledge to protect our data have had their walls breached.

The underlying message here isn't just to scare you, it's to gear you up. 🛠️ If you are a company executive, or an IT professional and most especially… if you are allowed to work from home, then you really owe it to yourself to secure your network and to educate others on doing the same. It's not just about securing a device; you are fortifying an entire ecosystem. 🌐

Protecting your home network

I will admit that it took me several years to build the appreciation I have for the importance of security. For years I wanted to spend money on securing my home network and I never got around to it, until it dawned on me that there was actually so much at stake. I don't leave home without closing the back door, so why would I not take the same level of care with my home network? 🚪🔒

Firewall

You should already have one in your router, but can you do better?

Investing in a firewall device will provide you with enhanced security features, better performance, and more control and oversight of your home network.

  • Advanced Security Features: You can implement intrusion detection and prevention systems, deep packet inspection, and application layer filtering, which are well beyond the basic capabilities your router can offer.
  • Performance: With a dedicated device handling all your firewall duties, your router has more resources to simply focus on managing your network traffic.
  • Customisation & Oversight: You get more granular control over network traffic and security policies and can implement alerting or dashboards ensuring you have visibility of what's happening in your network.

Decent Firewall Devices for Home Networks

  1. pfSense:

    • Overview: pfSense is an open-source firewall/router software distribution based on FreeBSD. It's highly customisable but comes with a bit of complexity.
    • Pros: Robust feature set, extensive documentation, strong community support, and flexible deployment options.
    • Device Recommendation: Netgate 4200 or 6100
  2. Ubiquiti UniFi Dream Machine (UDM) and Dream Machine Pro (UDM Pro):

    • Overview: The UniFi Dream Machine line from Ubiquiti comes with advanced firewall capabilities and router functions. Generally easier to set up than pfSense.
    • Pros: User-friendly interface, seamless integration with other Ubiquiti products, and powerful performance.
    • Device Recommendation: The UDM is for typical home setups, while the UDM Pro is more suited for complex networking needs.
  3. Fortinet FortiGate 40F:

    • Overview: Fortinet's FortiGate 40F is a compact and powerful firewall. It has comprehensive security features and excellent performance. Suitable for someone who needs enterprise-level security.
    • Pros: High security efficacy, strong performance, and extensive features including VPN, antivirus, and web filtering.

Network Segmentation

Why Segment Your Network? 🧐

By splitting your network into VLANs for different purposes, you're creating secure barriers between networks. This helps isolate any incidents, and also reduces broadcast traffic by limiting it to the VLAN it originated from, which improves your overall network performance. You ultimately gain more control over your network.

I'm happy to share my plan on what I felt a secure home network with VLANs would look like:

Figure 1: Home Network Architecture (diagram of the home network showing each VLAN and the devices on it)

  • Guest Networks: Quite important. Not all guests share your same security hygiene practices. Having a guest corporate network also gives them a place for their company devices if needed. 👥
  • Home Network: This is your personal family network where your personal devices connect. 🏠
  • Corporate Network: Definitely a good idea to keep work and personal completely separate, as the Lastpass incident clearly demonstrated. 💼
  • IoT Network: IoT devices are often less secure and definitely should have their own network/s. I've only documented one VLAN, but it could be a good idea to isolate your IoT network even further and have cameras on their own network. Yes, IoT does also include smart TVs and streaming devices; however, I have them in the home network because my household relies on using remote features from our cellphones and I haven't spent the time to work out how to make all that work across separate networks. 📹
  • Server Network: If you have a home server or any network attached storage, keeping it on its own network is also a good idea to protect your data. 🖥️
  • Intruders Network: This is where you would send devices that are unauthorized or unrecognized on your network. MAC filtering is a good idea to make this possible. 🚷
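
To make the segmentation above concrete, here is an added Python model (not from the original article) of the inter-VLAN policy as a default-deny, stateful ruleset: each rule says which VLAN may initiate connections into which, replies are only admitted for flows the state table has already seen, and the Intruders VLAN has no rules at all. VLAN names, ports and the allowed pairs are my assumptions for illustration, chosen to match the diagram's intent.

```python
"""Inter-VLAN policy for the segmented home network above, as code.
Default deny between VLANs: each Rule says which VLAN may *initiate* a
connection into which, on which ports (None = any). Replies are admitted
only for connections the state table has already seen, as a stateful
firewall does. VLAN names and ports are assumptions for illustration."""
from dataclasses import dataclass
from typing import Optional

INTERNET = "internet"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: Optional[frozenset] = None   # None means any port

POLICY = [
    Rule("guest", INTERNET),
    Rule("guest_corp", INTERNET),
    Rule("home", INTERNET),
    Rule("home", "iot", frozenset({80, 443})),        # control smart devices
    Rule("home", "server", frozenset({22, 445})),     # SSH, NAS shares
    Rule("corporate", INTERNET),                      # work traffic via its VPN
    Rule("iot", INTERNET, frozenset({80, 443, 123})), # firmware, cloud, NTP
    Rule("server", INTERNET, frozenset({80, 443})),   # patching only
    # "intruders" has no rules: quarantined. A MAC address can be spoofed,
    # so MAC-based placement is a convenience, not authentication.
]

class StatefulFirewall:
    def __init__(self, policy):
        self.policy = policy
        self.state = set()   # (src_vlan, dst_vlan, port) flows admitted

    def initiate(self, src_vlan, dst_vlan, port):
        """New connection attempt: allowed only by an explicit rule."""
        if src_vlan == dst_vlan:
            return True      # same VLAN is switched, never hits the firewall
        for rule in self.policy:
            if (rule.src, rule.dst) == (src_vlan, dst_vlan) and \
               (rule.ports is None or port in rule.ports):
                self.state.add((src_vlan, dst_vlan, port))
                return True
        return False

    def reply(self, src_vlan, dst_vlan, port):
        """Reverse-direction packet: allowed only if the forward flow
        (dst_vlan -> src_vlan on this port) was admitted earlier."""
        return (dst_vlan, src_vlan, port) in self.state
```

With this policy a laptop on Home can open a camera's web UI and the camera can answer, but the camera can never initiate a connection into Home, and nothing on Intruders gets out.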

Other Quick Wins

  1. Upgrade Encryption: If your router doesn’t support WPA2 or WPA3 encryption, upgrade it. WPA3 provides strong security, ensuring only authorized users can access your network. 🔐
  2. Update Your Hardware: Keep your modem and other hardware updated. If automatic updates aren’t available, find a way to get notifications for new updates to maintain security. 🔄
  3. Secure Default Settings: If your modem is still on factory settings, change that now. Replace default passwords with strong, unique ones and adjust settings for maximum security. 🔒
  4. Utilize a VPN: A VPN is great for anonymity and securing your data. It encrypts your internet traffic, protecting your online activities from snooping. 🕵️‍♂️

Notice

Check out the ASD Cyber Threat Report 2022-2023 where it's reported that remote workers are more likely to be subject to cybercrime and so much more! cyber.gov.au.

About Me

🌟 Hey! I'm Lloyd, a DevOps/Cloud Engineer in South Australia. I have a strong background in developing and supporting IT infrastructure with a focus on automation, security and saving on costs. Currently, I'm working for Cuscal, where I am …