Prior to the pandemic, remote and home networks were a relatively small concern from a risk perspective. During the pandemic, this risk skyrocketed as employees were required to rely on their home network as an extension of their corporate network.
This risk is not new. What is new is the number of compromised devices in the wild, which increasingly puts corporate entities at potential risk.
Lumen’s Black Lotus Labs identified Raptor Train as one such bot network starting in 2023. Raptor Train is likely driven by nation-state threat actors and has grown from over 60,000 actively compromised devices in June 2023 to over 200,000 devices now. These devices include SOHO routers, IoT devices, NVR/DVR devices, NAS servers and IP cameras.
This botnet is also suspected of launching other exploitation attempts against Atlassian Confluence servers and Ivanti Connect Secure appliances.
More information on Raptor Train: https://assets.lumen.com/is/content/Lumen/raptor-train-handbook-copy
From the CIO perspective
Risk footprint has long been a concern for CIOs and CISOs. Reducing your footprint and potential threat vectors is key. There are a couple of steps to consider:
- Educate: Educate staff on ways to secure their home networks and present reasons why this is critical for them personally and professionally.
- Update: Ensure that devices are updated with the latest firmware and security patches.
- Identify: Engage your CISO’s organization to identify risk vectors, prioritize them and find ways to mitigate them.
- Communicate: Communicate up and out. Communicate with staff to educate them. Also communicate with your executive team and board to ensure that they are up to speed on the current state and ongoing efforts.
- Evaluate: Good security is an ongoing process. Stay tied into local, state and federal law enforcement groups along with your cybersecurity partners so that you have the latest intelligence.