Self-isolation during the COVID-19 crisis means accessing information remotely and securely. Many homebound users turn to VPNs as a means of protection, but recent security incidents should remind us that this alone isn't enough.
New data is compounding initial reports that VPN usage is growing during the health crisis. VPN company VPNPro asked nine other VPN companies with a heavy consumer market presence how their usage had varied in the last few weeks. Consumer VPNs let people access the internet from proxy servers around the world, either to cloak their location for accessing content in other countries, or to shield themselves from local snoops sniffing their Wi-Fi. Most of these providers reported an uptick in VPN usage. Some of these them, like NordVPN and VyprVPN, also offer business solutions and they've seen a marked uptake of those services too. Surfshark VPN is even giving away six-month subscriptions to companies with ten employees or fewer.
Using a VPN to access the office is a start but there are other things we should take care of if we're to work more securely from home.
The problem is that a VPN alone won't save you from attackers out to compromise your network. In March, Bitdefender discovered an online campaign targeting home routers.
The attackers, focusing mainly on Linksys equipment, probed the internet for vulnerable routers and hacked them either using default login credentials or brute forcing the devices, according to the security company. They'd change the devices' domain naming system (DNS) settings, redirecting commonly-used web addresses to a scam site purporting to offer a COVID-19 app from the World Health Organization. Users who downloaded it were infected with the Oski inforstealer malware.
More recently, a researcher found a bug in the popular open-source router software OpenWRT that could enable attackers to insert malicious software onto routers in place of legitimate firmware updates. People can install either version 18.06.7 or 19.07.1 as a stopgap until a more permanent fix can be found.
Router hacks are nothing new, but they can be effective because most consumers don't think much about updating the firmware in their router and often won't know how. If you're a company with employees working from home, consider including security guidance for your employees that includes advice on hardening their network and making secure firmware updates part of their routine.