Small Business, Mighty Attack Surface
By Trellix · August 3, 2022
This blog was written by Douglas McKee
If given the chance to name the first five businesses that come to mind, what would they be? If you're close to the security industry you might suggest names like Microsoft, Apple or Google. Or your mind may drift to giants such as Disney, Coca-Cola, Amazon or Walmart. But if we consider what would be top of mind for threat actors, would the list be the same? In 2020 the U.S. Small Business Administration reported that there are 6 million small businesses with fewer than 500 employees, in contrast to around 20K large businesses. Small businesses accounted for over 10 million new jobs in the last decade, compared to around 5 million for large businesses. While we may forget about this massive attack surface, our adversaries have not.
According to RiskRecon, during 2020 and 2021, data breaches at small businesses globally jumped 152%, while during the same time period breaches at larger organizations rose 75%. Just like a contractor wouldn’t use the same tools, techniques, and tactics to dig a post hole as they would for a swimming pool – malicious actors adjust what they target to ensure they effectively compromise the vast landscape of small business.
Recently CISA released an advisory about People's Republic of China (PRC) state-sponsored exploitation of network devices typically used in Small Office and Home Office (SOHO) settings. Included in this list is CVE-2020-8515, which affects a DrayTek small business router. At Trellix, our vulnerability research team is constantly working to anticipate high value targets for well-known threat actors going after the enterprise sector. Today, we released brand new research disclosing a new zero-day vulnerability, CVE-2022-32548, a pre-authentication vulnerability that allows complete control of the Vigor 3910, DrayTek's latest small business router.
Why does yet another vulnerability in a SOHO router matter? Because in 2019, the 360Netlab Threat Detection System observed two different attack groups using two zero-day vulnerabilities to target various DrayTek Vigor enterprise routers. Because in March of 2022, Barracuda reported that small businesses are three times more likely to be targeted by cybercriminals than larger companies. Because just last month the ZuoRAT malware was observed infecting SOHO routers from numerous manufacturers, including ASUS, Cisco, DrayTek and NETGEAR. In short, it matters because major threat actors like the PRC have decided that it matters.
Edge devices themselves, such as routers and firewalls, are rather uninteresting; however, these devices are the gateway that protects the soft underbelly of a company. Once compromised, they become an open doorway into the rest of the network, and that is what entices an adversary to perform the same level of research our team performs. A compromised edge device can lead to intellectual property theft, loss of sensitive customer or employee data, access to camera feeds, an easier path to deploying ransomware and, in some cases, a foothold in a network for years to come.
When talking specifically about small business, Chad Paalman, the CEO of NuWave Technology Partners, indicated, "They [small business leaders] assume that if they have a firewall, then they have a padlock on the door and no one can get in. They also assume that if their security has been outsourced to a managed service provider (MSP), log monitoring is happening, or the service includes intrusion detection." This misinformation or mindset is dangerous to small businesses. It is imperative to understand that you are a target no matter the size or type of your business. Data continues to demonstrate that this space is not only a target but often a more likely target. It is critical for SOHO and SMB users to understand their networks, stay up to date on all vendor patches and immediately report breaches to law enforcement. Additionally, the support of third-party security auditing, like the release of our DrayTek research today, further strengthens the entire industry. We would like to commend DrayTek's response to and support of our research, which clearly demonstrates their security-first mindset and desire to help protect the SOHO market.