What are the two attacks that your home router may face during telework?
Due to the novel coronavirus, telework is being introduced more widely in Japan, and at the same time cyber attacks are increasing. The attacker's target is the router in the home of an employee who is teleworking. Home routers are threatening corporate networks. What will an attacker do to an employee's router?
Kaspersky has warned on its official blog about the risks of home routers and SOHO routers as a "router that will be the weakness of telework strategy", so I would like to sort out measures to protect home routers.
Companies cannot manage the routers in their employees' homes
Most routers used by companies have security measures applied, such as firmware updates. However, the routers used at home may not have sufficient security measures.
According to Kaspersky, a company cannot know things such as "What devices are connected to the network?" or "Is the router's firmware the latest?"
In addition, home routers and SOHO routers have known vulnerabilities. Attackers abuse these vulnerabilities, hijack the router, and build a botnet.
In this regard, Kaspersky explains that "the router should be recognized as a small computer in which Linux operates." So what kinds of attacks are possible by abusing the router?
VPN connection hijack
In many cases, virtual private networks (VPNs) are used to secure employees' network environments during telework. Data is exchanged through an encrypted communication channel between the computer and the corporate infrastructure.
Many companies operate VPNs in split tunnel mode. In this mode, traffic going to the company's servers through an RDP (Remote Desktop Protocol) connection is transmitted via the VPN, and other traffic passes through public networks that are not encrypted.
Normally this works fine, but if the attacker controls the router, they can create a DHCP (Dynamic Host Configuration Protocol) route and redirect RDP traffic to their own server. This does not let them decrypt the VPN, but they can create a fake login screen and have the RDP connection credentials entered there.
External OS load
Another attack method is to use PXE (Preboot Execution Environment). Modern network adapters use PXE to load an OS onto the computer over the network. This feature is generally disabled, but some companies use it to remotely restore employee computers in the event of a failure.
Kaspersky pointed out that if the attacker controls the DHCP server on the router, they could send a workstation's network adapter the address of a system that has been tampered with for remote control.
Employees are unlikely to notice this activity, and in the meantime the attacker can get full access to the file systems.
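As an added example (not from Kaspersky or the original article), here is a defender's check covering both attacks described above: it parses a captured DHCP reply and flags pushed static routes that overlap corporate address ranges, as well as any network-boot (PXE) information. The function names are hypothetical, and the corporate range, addresses and boot file name are constructed sample values.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {option_code: value} from a BOOTP/DHCP payload (the UDP data)."""
    if payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = End
        if payload[i] == 0:                            # 0 = Pad
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classless_routes(data):
    """Decode option 121 (RFC 3442) into (network, gateway) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8                            # only significant octets are sent
        if plen > 32 or i + 1 + n + 4 > len(data):
            raise ValueError("malformed option 121")
        dest = data[i + 1:i + 1 + n].ljust(4, b"\0")
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])))
        i += 5 + n
    return routes

def audit_lease(payload, corporate_nets):
    """List findings for a lease that routes corporate ranges or offers network boot."""
    opts, findings = parse_options(payload), []
    corp = [ipaddress.ip_network(c) for c in corporate_nets]
    for code in (121, 249):                            # 249 = Microsoft variant of 121
        for net, gw in classless_routes(opts.get(code, b"")):
            if net.prefixlen and any(net.overlaps(c) for c in corp):  # skip default route
                findings.append(f"route {net} via {gw} (option {code})")
    boot_file = opts.get(67, b"") or payload[108:236].rstrip(b"\0")  # option 67 or BOOTP 'file'
    if boot_file or 66 in opts:                        # 66 = TFTP server name
        findings.append("network boot info: " + boot_file.decode("ascii", "replace"))
    return findings

# Constructed DHCPACK: route 10.20.30.0/24 via 192.168.1.1 plus a boot file name
SAMPLE_ACK = (b"\x02" + bytes(235) + MAGIC
              + bytes([53, 1, 5, 121, 8, 24, 10, 20, 30, 192, 168, 1, 1, 67, 8]) + b"boot.efi\xff")
```

Calling `audit_lease(SAMPLE_ACK, ["10.20.0.0/16"])` reports both the pushed route and the boot file; a lease with neither returns an empty list.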
Kaspersky recommends the following as a way to protect computers from these attacks.