HomeOffice and Smart-Home as a gateway for hacks into corporate networks

[German]In times of the coronavirus pandemic, more people are working in their home offices but accessing company computers remotely. On the other hand, more and more IoT devices are finding their place in the home environment as part of smart home. Poorly secured IoT devices in the smart home are becoming increasingly interesting for cyber criminals. After all, a home network can be infiltrated via these IoT devices. If a user in this network uses a home office to remotely accesses the company network, there is an opportunity to infiltrate this network as well via vulnerabilities or poorly secured access points.

Companies and their employees have been plagued by ransomware attacks for years. Increasingly sophisticated ransomware families are capable of bringing entire offices or even smart factories to a halt. It is malware that usually infiltrates computers via malicious emails and encrypts important files. In this age of remote work, it's a particularly relevant threat.

The sudden change in work organization has forced many employees to set up makeshift offices using unsecured home networks and shared spaces. Home-based workers are more vulnerable to these subtle attacks, which take advantage of daily routines such as opening multiple emails. 

The security researchers at Trend Micro have taken up this issue and point out the lurking danger in the above tweet as well as in this article. The article also includes some advice on what you can do to prevent such attacks. 

• Avoid posting private information publicly to give attackers the opportunity to abuse this for attacks. Be mindful of the type of information you share online – make sure you only provide private information when absolutely necessary.
• Remote workers should use proven password policies for their email and other accounts (use eight or more characters and symbols, avoid repetition, sequences or patterns, and do not reuse passwords). Use multifactor authentication when possible.
• Windows users should enable file extension viewing in Explorer to better detect cloaked files that contain malware.

If the computer shows suspicious behavior, disable the Internet connection and call in corporate IT. In addition, Trend Micro recommends using tools and security features that are available. Hopefully, company IT will provide appropriate guidance here. Details can be found in the linked article.