Overview
Following a recent alert from the UK National Cyber Security Centre (NCSC) about security risks in small office and home office (SOHO) routers and connected devices, we would encourage all business owners, professionals working from home and network operators to take steps to protect their personal and organisational networks.
Although the risk has been determined to be low from a local perspective, there remains the threat of device and network compromise, and individuals and businesses should take action to reduce the opportunity for this malicious activity to occur.
More information about this threat can be found in the link provided at the end of this advisory. Business owners, leaders and network operators are advised to understand and take mitigating actions regarding this threat if employees are working from home or work in a hybrid format.
Individuals are recommended to perform the actions below in order to better protect their personal data (and their organisation's data when working from home).
More advice about keeping your devices secure can be found here: csc.gov.im/advice-guidance/iot-and-smart-devices-staying-safe
Recommended Actions
- Check that your router is up to date with the latest firmware and security patches.
- Make sure your devices are running the latest supported software versions.
- Install updates as soon as they become available.
Most router and device manufacturers provide simple instructions online, and these checks only take a few minutes. Taking these steps can help protect both your personal and professional information.
References
More information and guidance for organisations can be found on the following page:
UK NCSC Alert & Guidance - https://www.ncsc.gov.uk/news/apt28-exploit-routers-to-enable-dns-hijacking-operations