Usually, monthly patches from critical software vendors dominate both headlines and attention of patching teams. But, while rare, hardware updates released by vendors also require patches against equally dangerous vulnerabilities.
Notably, these updates often fall outside of standard IT patching processes and patching contracts.
Here’s the thing about hardware updates, though.
Because of incomplete asset lists, many hardware updates become easy to miss. Others still, may remain open because the asset is beyond the vendor’s end-of-life support.
Hardware vulnerability scans and asset inventories can effectively locate issues within your corporate firewall, allowing them to be mitigated or patched. However, modern IT environments may require additional protection measures.
Let’s take a look at some of the notable hardware updates you’ll want to know about.
CISA Warnings on Hardware Updates
The US Cybersecurity & Infrastructure Security Agency (CISA) recently issued another vulnerability alert.
As a result, federal agencies have only until September 29th to update Google Chrome, patch QNAP Photo Station software, and update D-Link routers. Although all patches are available, you’ll need to verify your products and patches are correct, due to the high risk these vulnerabilities present.
Network-attached Storage Devices = Ransomware Express
The Deadbolt ransomware gang currently focuses on network-attached storage (NAS) devices.
These NAS attacks focus on devices such as QNAP’s Photo Station, since they tend to be used as single-source repositories for a company’s information.
Once the gang accesses a NAS, they don’t have to risk detection through lateral navigation. This means they can effectively encrypt a company’s data with the least work possible.
Now, QNAP and other vendors advise you to disconnect these devices from internet access for the most effective protection. And yet, at the same time, they’re advertising these devices specifically to share files “across the Internet.”
That’s why you always need to pay attention to what’s actually going on.
The problem is that security teams can’t usually stop NAS attacks, since they happen so quickly and don’t generate enough alerts to trigger investigations.
Just take a look at some of the NAS attacks from this summer alone:
- ech0raix ransomware targeted QNAP NAS
- Deadbolt ransomware targeted QNAP PHP vulnerabilities
- Checkmate ransomware brute-force attacked weak passwords on SMB-enabled QNAP devices
- Zyxel issued patches for critical remote code execution vulnerabilities in their NAS firmware
While many other vendors provide NAS devices, over 300,000 QNAP devices connect directly to the internet, providing an enticing target.
Make sure you check your systems, just to be safe!
Open-Door Routers
Since routers don’t store information, attackers tend to exploit flaws to other ends. For instance, either accessing targets beyond the router, or enslaving the devices themselves.
The Mirai botnet variant, known as “MooBot,” currently targets four remote code execution (RCE) vulnerabilities, enslaving vulnerable D-Link brand routers.
Compromised devices experience unexplained DNS configuration changes, internet speed drops, router overheating, and unresponsiveness.
Compromised devices also require additional patching steps. You’ll need to follow the following three steps:
- First, push the physical button on the device to perform a reset.
- Second, change the admin password.
- Third, after the first two steps are complete, then you’ll need to install security updates.
Although applying patches prevents the exploitation of currently supported DLink models, older models can’t be patched. If you have older versions, they’ll require configuration changes to their admin panel, in order to deny remote access.
Similarly, Cisco declines to issue patches for authentication bypass flaws in end-of-life small business virtual private network (VPN) routers.
Since there’s no hardware updates for such devices, you’ll need to either replace them or disable VPN Server functions to stay safe.
Effectively Blocking Hardware Vulnerabilities
To block vulnerabilities, first, your IT team needs to know about them.
That’s exactly why you always need to maintain an asset list, complete with brands, installed software versions, and firmware versions.
Then, you’ll need to periodically verify this list to ensure it remains comprehensive and up-to-date.
Vulnerability assessments should also be regularly performed to check for missed patches, misconfigurations, and other known issues.
Of course, these requirements apply to all devices. In addition to NAS and routers, organizations need to worry about firmware vulnerabilities and patching for IoT and endpoint computers.
While most vendors issue patches promptly, some models don’t receive patches even over a year after a vulnerability is discovered. In these cases, other security controls need to be applied to protect your devices against exploitation.
Turning to Help
So, what happens when a vulnerable device lies within your employee’s home office network?
Usually, organizations determine employees bear the responsibility for patching within their personal networks.
But why? While that strategy might effectively place blame on someone else, it doesn’t change reality. If your company suffers a breach, from a lack of hardware updates or anything else, it doesn’t really matter how it happened.
Your employee is just as much a victim as yourself, can’t normally be held liable for any damages, and yet your business is the only one that’s damaged the most.
So, why rely upon the IT skills of the average non-IT employee?
Sure, you might be able to ignore critical hardware updates for low-level employees with limited access to your systems. However, high-value executives that regularly access critical information present a much higher risk profile.
For your most valuable employees and assets, this might mean extending your corporate IT environment into that employee’s home. After all, if it’s necessary, it’s necessary.
If it all sounds a little tricky, don’t worry. Help is always available.
For help with asset lists, vulnerability scans, or hardware updates, Blue Bastion, along with Ideal Integrations, can help. Simply contact us at 412-349-6680, or fill out the form below.
Our security experts will explain options for locating, remediating, and blocking vulnerabilities, both inside and outside of your corporate network.
And, as always, stay vigilant!
