CALL US: 216-397-4080  | CLIENT HELP DESK: 216-539-3686

A Man’s Home is His Castle. And It’s Under Siege

A Mans Home is His Castle. And Its Under Siege

Riverbank Ruminations; Observations from The Banks of The Technology River

Tom Evans~ Ashton Engineer Emeritus

In the past, laying siege was one technique employed in war. It worked well if your enemy was bottled up in a city supposedly protected by a large wall. The idea was to surround the city, prevent any egress or ingress, especially supplies, and wait for the enemy inside to surrender due to thirst or starvation. Meanwhile, the army on the outside had full access to supply lines and could wait things out. Unless of course there was a bitterly cold winter involved. Then things could get a little dicey.

Today most of us are under siege but it’s from an enemy we can’t see. COVID-19 has changed life in ways we never even imagined in February of 2020. In most states, people are out and about to some degree, but many are now working from home and will be for the foreseeable future. Infections and deaths continue to make the news and dealing with the pandemic certainly is part of the political landscape.

On the individual home front, the siege has been amplified by the not unexpected increase in spam and phishing attempts trying to cash in on headlines. As I write this in mid- September, the spam and phishing related to the election in November have yet to hit its peak. COVID-19 related spam and phishing on the other hand are doing quite well. Scammers see COVID-19 as a gold mine. In the early days of the COVID-19 pandemic, the volume of fraudulent emails and text messages spiked by more than 667%. Here are some samples:

  • Contact tracing. “Someone who came in contact with you tested positive or has shown symptoms for COVID-19. Officials recommend you self-isolate and get tested. More at www(dot)cdc.com/testing.”
  • Relief funds. “The FCC Financial Care Center is offering you $30,000 in COVID-19 relief. Claim at www(dot)fcc.com/relief.”
  • Cures. “Amazing COVID cure discovered. There’s hope! Sign-up for the trial here: www(dot)vaccine.covid.co/signup.”

Scammers will always try to cash in on current events. The election time will certainly see a similar spike in fraudulent emails. One resource I recently became aware of (and have not yet needed to use) is https://transparencyreport.google.com/safe-browsing/search. If you feel you must follow a link but have any reservations at all about it, you could submit the URL to this page or https://www.virustotal.com/gui/home/url. While this won’t protect you from doing something you regret after you get there, it at least gives you some security that just going to the page won’t cause you grief.

If working at home is new to you or your company, chances are good that your home network has not been secured to enterprise standards. The only firewall may be the one on your computer. You may not have anti-virus on your computer. You may not be up to speed on the latest targeted attack on your company. These issues result from being outside the direct control of your IT department, who should be more up to date on what is going on in the world concerning the bad guys. Let’s look at one example.

While there is a trend to cable cutting when it comes to entertainment, many still are customers of a cable company and that means there is a set-top box somewhere in the house and on your network. This article discusses vulnerabilities in two particular boxes that expose the household to being made part of a botnet or being victimized by ransomware.

The boxes as shipped “by their manufacturers with open telnet ports, an unencrypted protocol used for communicating with remote devices or servers. This could allow cyber-criminals to launch attacks such as DDoS using botnets, with the Avast team successfully executing the binary of the Mirai botnet to both devices.” These boxes are also shipped with an operating system that has not been maintained since 2017.  Right.  Nothing to see here, folks.

If that isn’t enough there is this:

Avast also believes an unencrypted connection between the devices and a pre-installed legacy application of the popular weather forecasting service AccuWeather could enable malicious actors to modify the content users see on their TVs when using this app. This could potentially lead to ransom messages being displayed, claiming that the users TV has been hijacked and demanding a sum to free it.

The problem not covered in the article is if you have one of the mentioned boxes on your network, it is essentially on your company network if you are working from home. This is a problem that many businesses need to address as the trend to WFH (work from home) continues into 2021 and perhaps beyond. The home network used to be something the business didn’t worry about. Now, it is inside the perimeter and needs to be addressed. Most home users and less concerned about security than the business is, although they should be equally concerned. The castle for business used to be a hard perimeter. That is less and less true as time passes.

If you’re concerned about your team’s ability to work efficiently and securely from home (you should be), give the Ashton Technology Solutions team a call at 216 455-9999.

Related Posts