Critical Security Vulnerabilities in Edge Devices Threaten SMBs
Introduction
Small and midsized businesses (SMBs) are facing a critical security challenge as major edge device vendors announce several security vulnerabilities that need to be patched. Asus, Zyxel, and Western Digital have recently released information about vulnerabilities in their router models and network-attached storage (NAS) devices, which could potentially allow cyber attackers to gain unauthorized access or execute arbitrary code. The increasing number of edge devices being connected to SMB networks has amplified the threat landscape, leaving many organizations vulnerable to potential cyberattacks. This article examines the recently disclosed vulnerabilities, the risks they pose to SMBs, and provides recommendations on how to secure the edge.
Critical Vulnerabilities in Asus, Zyxel, and Western Digital Devices
Asus released new firmware on June 19th to address nine separate vulnerabilities in their router models. One of the vulnerabilities could allow a cyberattacker to gain code execution ability. The most serious flaws include a critical memory corruption weakness (CVE-2022-26376) and a vulnerability that could lead to arbitrary code execution (CVE-2018-1160), both of which pose significant threats to the security of Asus routers.
Similarly, Western Digital announced that unpatched devices would be blocked from accessing the cloud as of June 15th. This decision came as a response to a severe vulnerability (CVE-2022-36327) impacting their MyCloud Home and other cloud storage devices, which could potentially allow remote code execution. Despite the high vulnerability-severity score, Western Digital waited for a month before blocking affected devices from accessing their cloud services.
Zyxel also released patches for code-injection vulnerabilities in three versions of their network-attached storage devices. The firmware command injection vulnerability (CVE-2023-27992) could enable an unauthorized user to execute operating system commands, posing a significant security risk.
SMBs at Increased Risk
The recent flurry of edge-device patch warnings highlights the fact that SMBs are increasingly vulnerable to cyber threats due to the growing number of devices connected to their networks. Experts estimate that the number of active Internet of Things (IoT) and edge devices worldwide exceeds 12 billion, with the expectation that this number will reach 27 billion by 2025. Many organizations, however, lack basic cybersecurity hygiene and monitoring practices, making them easy targets for threat actors.
Melissa Bischoping, the director of endpoint security research at Tanium, explains that while edge devices seem like an economic choice for SMB infrastructure, they are difficult to secure. The lack of monitoring and centralized management in these devices can result in vulnerabilities and insecure configurations that provide easy access to adversaries. Threat actors exploit these weaknesses and target edge infrastructure because they lack the depth of monitoring and visibility that endpoints have. Additionally, these devices often use open-source components, making them even more vulnerable to attacks.
Securing the SMB Edge
Securing the SMB edge requires a proactive approach and adherence to cybersecurity best practices. The following recommendations can help SMBs protect their networks and edge devices:
1. Conduct Device Inventory and Asset Discovery
Gaining visibility into the devices connected to an SMB network is essential. Using an agentless asset discovery solution can help identify all devices and their vulnerabilities. This information will enable cybersecurity teams to prioritize resources and implement effective security measures.
2. Prioritize Security Hygiene and Controls
Once an inventory of devices is established, SMBs should prioritize visibility and leverage that information to address patching, credential management, and configuration hardening. It is crucial to rotate default login credentials, employ secure authentication mechanisms, and enforce least-privilege access for accounts that log in to these devices.
3. Implement Automated Approaches
Managing firmware and password updates at scale for IoT and edge devices can be challenging. SMBs should consider adopting automated approaches to handle these updates effectively and efficiently.
4. Assess Network Connectivity and Exposure
SMBs should evaluate whether devices need to be connected to the internet or if they can be better suited for a more secure internal network connection. Restricting external access to critical devices can significantly reduce the impact of vulnerabilities.
5. Establish Clear Ownership and Lifecycle Management
Ensure that all devices have clear ownership and tracking of their lifecycle management. This practice allows organizations to identify and replace devices that have reached their end-of-life or end-of-support, mitigating the risk of exploitation.
6. Incorporate Software Bills of Materials (SBOMs)
For more mature organizations, integrating software bills of materials (SBOMs) can provide component-level visibility. An SBOM enables organizations to identify vulnerabilities and risks associated with open-source software components before vendors release patches.
Conclusion: Strengthening Cybersecurity for SMBs
The recent security vulnerabilities discovered in Asus, Zyxel, and Western Digital devices highlight the urgent need for SMBs to adopt robust cybersecurity measures. As the number of edge devices connected to SMB networks continues to grow, implementing effective security hygiene practices and leveraging automated solutions will be crucial. Remaining vigilant, conducting regular vulnerability assessments, and staying informed about software updates and patches will enable SMBs to protect their networks and mitigate the risks associated with edge devices. By adopting these practices, SMBs can fortify their cybersecurity defenses and reduce their vulnerability to cyberattacks.
<< photo by Michael Dziedzic >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Unlocking Insights: Cymulate Revolutionizes Threat Exposure Management
- Security Alert: Vulnerability Discovered in Microsoft Azure AD OAuth Apps
- Schneider Power Meter Vulnerability: A Window of Opportunity for Power Outages
- The Rising Threat: Condi Malware Hijacks TP-Link Wi-Fi Routers for Massive DDoS Botnet Attacks
- Securely Harnessing the Power of ChatGPT and Generative AI: Netskope Drives Enterprise Adoption
- Federal Agencies Receive Directive from CISA to Secure Internet-Exposed Devices
- Blackpoint’s $190 Million Funding Round Signals Growing Demand for MSP Cybersecurity Solutions
- “Asylum Ambuscade”: A Group Behind Massive Cybercrime and Espionage Campaigns
- The Digital Tightrope: Unveiling the Mounting Stressors Faced by CISOs
- The US Threat: China’s Security Industry Weighs Cooperation vs. Competition
- The Silent Intruders: Unveiling the Anatomy of iOS Zero-Click Spyware