While the COVID-19 pandemic seems to be behind us, hybrid work has emerged as a new reality. Many companies still offer the option to blend home and in-office work, or to work completely remotely, even though the pandemic has subsided and the world has moved back toward normalcy.
Hybrid work seems to be here for good, but the cybersecurity challenges that come with this change often go unaddressed.
As a result, cybercriminals are targeting this vulnerability within many organizations. The ZuoRAT malware is taking advantage of the shift to remote work by targeting routers to break into networks (reference). This was much more difficult when employees worked exclusively in-office on heavily protected company networks. Cybercriminals have learned to exploit the lack of cybersecurity infrastructure in many home networks.
The remote access trojan (RAT) called ZuoRAT targets remote workers by exploiting flaws in small office/home office (SOHO) routers, which are often vulnerable due to a lack of security patches. While IT teams work hard to keep patches up to date for company networks, the risks of home networks are being forgotten within many organizations.
Not surprisingly, ZuoRAT was first used at the beginning of October 2020, just over six months into the COVID-19 pandemic, when remote work was at its peak. As they often do, cybercriminals capitalized on a new vulnerability before organizations were aware of the newly evolved risk or had addressed it.
SOHO routers, also referred to as consumer-grade firewalls, are especially vulnerable due to a lack of monitoring and security patches, as they fall outside the traditional network perimeter. Unaccustomed to employees working remotely in 2020, security teams were not monitoring employees' home networks or performing the necessary security updates on them. This created an exciting new opportunity for cyber actors.
Guarding against threats is a crucial component of any prevention-focused cybersecurity plan. If we can support your business, let’s chat.