If you think hackers are only trying to get to your Windows machines, well, you’re wrong. In May 2018, the cybersecurity world was rocked by the discovery of VPNFilter, a highly sophisticated and destructive piece of malware that targeted routers and network-attached storage devices across the globe. Identified by Cisco's Talos Intelligence Group, VPNFilter highlighted a critical vulnerability in the very backbone of our internet infrastructure, affecting devices from well-known manufacturers, including Linksys, MikroTik, NETGEAR, and TP-Link, among others. This malware not only compromised the privacy and security of countless internet users, but also served as a stark reminder of the importance of keeping network infrastructure up-to-date.
VPNFilter was not a run-of-the-mill malware. It exhibited complex capabilities, including data theft, device exploitation for coordinated attacks, and the potential to render infected devices completely inoperable. Its persistence across device reboots—a feature not commonly seen in router-based malware—made it particularly menacing. With the ability to infect over half a million devices worldwide, VPNFilter underscored the global nature of cybersecurity threats and the ease with which outdated systems can be exploited.
The VPNFilter malware served as a wake-up call to the world about the vulnerabilities in network infrastructure and the catastrophic potential of sophisticated malware. It reinforced a fundamental cybersecurity principle: the need to keep network infrastructure up-to-date.
Outdated network infrastructure is like a creaky old door, it's an entry point just waiting for cybercriminals to exploit. CIS Safeguard 12.1 stresses the importance of keeping your network devices up to date.
Consider the following:
- Security Patching: Regular software updates for routers, switches, firewalls, and other devices are crucial for fixing security vulnerabilities. Neglecting updates leaves you exposed to potential threats.
- Enhanced Security: Updates often introduce new security features that strengthen defenses and deter cyber attackers.
- Improved Performance: Updates not only address security issues, but enhance device performance, ensuring smooth and reliable network operations.
Action Steps:
- Conduct Inventory: Maintain an updated inventory of network devices to ensure all are accounted for.
- Develop a Patching Plan: Establish a systematic patching schedule, prioritizing critical systems for immediate attention.
- Test and Automate: Test updates in a controlled environment before deployment and consider implementing automation tools to streamline the patching process.
Unfortunately, the fine folks at the Center for Internet Security have not completed this policy template. Feel free to join the CIS Controls Community to see how you can help.
Here are some details on this specific Control/Safeguard. If you want more detail, DM me.
CIS Control 12 – Network Infrastructure Management
Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.
Implementation Group 1
CIS Safeguard 12.1 - Ensure Network Infrastructure is Up-to-Date
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.