New Malware Targets Pandemic Shift to Remote Work

While the Covid-19 pandemic seems to be behind us, hybrid work has emerged as a new reality. Many companies offer the option to blend home and in-office work, or completely remote work, even though the pandemic has subsided and the world has moved back toward normalcy.

Hybrid work seems to be here for good, but cybersecurity challenges often go unaddressed with this change.

As a result, cybercriminals are targeting this vulnerability within many organizations. The ZuoRAT malware is taking advantage of the shift to remote work by targeting routers to break into networks (reference). Previously it was much more difficult when employees were exclusively working in-office on heavily protected company networks.  Cybercriminals have learned to exploit the lack of cybersecurity infrastructure in many home networks.

The remote access trojan (RAT) called ZuoRAT targets remote workers by exploiting flaws in small home office (SOHO) routers, which are often vulnerable due to a lack of security patches. While IT teams work hard to keep patches up-to-date for company networks, the risks of home  networks are being forgotten within many organizations.

Not surprisingly, ZuoRAT was first used at the beginning of October 2020, just over six months into the COVID-19 pandemic, when remote work was at its peak. As cybercriminals often do, they capitalize on a new vulnerability before organizations are aware of or address the newly evolved risk.

SOHO routers, also referred to as consumer-grade firewalls, are especially vulnerable due to a lack of monitoring and security patches as they fall outside a traditional network perimeter. Unaccustomed to employees working remotely in 2020, security teams were not monitoring or performing necessary security updates to home networks of employees. This created an exciting new opportunity for cyber actors.

What is the solution moving forward? Here are our three recommended steps to protect your organization: 

1. Review your defense-in-depth strategy for people working from home. We have seen (and currently manage) clients where executives have IT company managed firewalls and workstations at home. Alternatively, a company-owned laptop loaded with the business’s security tools is a significant upgrade over staff using their personal devices to remote into the office.
2. Continuously educate employees with security awareness training so they can spot high-risk situations. Many exploits require an end-user to fall for an unusual prompt (e.g., SSL certificate warnings).
3. Have an up-to-date Work From Home policy in place and review it annually. For the security section, be sure it meets what your cybersecurity insurance requires for remote employees. 

Guarding against threats is a crucial component of any prevention-focused cybersecurity plan. If we can support your business, let’s chat.