Recently, I had a chance to talk with Arun Vishwanath about social engineering, legacy systems, and security vulnerabilities on home devices, such as routers, on the Defrag This podcast.
1. Social Engineering Attacks
What’s concerning is the increase in these types of attacks, especially during the COVID pandemic. Very little seems to be getting done when it comes to policing it. The World Health Organization is one example that keeps coming up. Hackers are actively spoofing various health organizations to grab unsuspecting victims who might be just trying to get data on the pandemic, the latest news, or even find ways to help combat the virus. Fake charities have always been a problem, as well.
So, what can be done? Training and staying vigilant is the most important thing we can do, but how can companies police this better?
“It’s easy to do. That’s one of the things why this problem is going up,” Arun explains. “And it’s low tech.”
Social engineering is ‘low tech,’ yet it’s one of the most dangerous vectors of attack. In other words, you don’t have to be super technical to pull off a social engineering attack. Still, the damage can be malware that key logs passwords, steal personally identifiable information, and implants ransomware.
Most people think of black hat hackers as someone who is creating malware and using brute force or other hardware and software vulnerabilities to access networks and devices. That is a possibility, but not as prevalent as social engineering.
2. Legacy Hardware and Software
The next part of my discussion with Arun was about legacy systems. From my personal experience, I’ve worked with businesses in my sysadmin days that had systems five years behind in OS and other software updates. These were nonprofits, healthcare companies, and different types of companies in various regulated industries that could potentially expose customer data at multiple levels.
Arun pointed out, based on his research, that there are nearly 200 million legacy systems out there that could be potentially exposing sensitive data.
“There are two hundred million systems out there running Windows XP and Windows 7,” Arun states.
3. Vulnerbilities in Home Routers
Then we discussed the problems with remote work during the pandemic. Pre-pandemic, IT was only really worried about the network perimeter defenses within the office environment. The perimeter expanded once employees started working from home. Chances are many employees are working on devices that have not been updated in some time, or they are using network devices that have a multitude of vulnerabilities.
“The [home] network is not protected the same way,” Arun exclaims. “And last we looked, there was a survey that was done where they looked at the number of security vulnerabilities in the home routers, and there were like 125 security vulnerabilities.”
One hundred twenty-five security vulnerabilities is a serious number. That means, a hacker only needs to know one of those vulnerabilities to potentially gain access to a home device an employee is working on to grab company credentials, or even just personal credentials, such as a password.
Conclusion
Arun goes on to suggest a few ways to air gap sensitive systems on the home network and some tools that he uses to stay safe and secure while online. More specifically, this includes VPNs, air-gapped servers (or servers not connected to the Internet), and secure browsers, such as the Epic browser.
There are many ways that you can protect yourself from the above potential data security risks. Your IT team may not suggest all of the above and may focus more on say the social engineering side of things. Still, we are ultimately all responsible for making sure that we are using the most up to date hardware and software, as well as using security tools that make us more secure online.
You can check Arun Vishwanath's website at https://www.arunvishwanath.us/.