A multi-stage remote access trojan called ZuoRAT is currently being deployed against a wide variety of small office/home office (SOHO) routers in the United States and Europe. Security analysts believe this malware campaign to be the work of state-sponsored hackers. At least 80 cyber victims have been reported thus far (DARKReading, Nathan Eddy, ZuoRAT Hijacks SOHO Routers From Cisco, Netgear, June 29, 2022, https://www.darkreading.com/remote-workforce/zuorat-hijacks-soho-routers-cisco-netgear). Although ZuoRAT is making headlines this week, it has been around since 2020, coinciding with Covid lockdowns and employees migrating to work from home. With employees working from home to access business networks, home routers are juicy targets for ZuoRAT hackers because most homes and small business offices use a consumer-grade router, which tends to prioritize speed over security. It is too early to know how ZuoRAT has impacted the recent cyber victims, but I suspect ransomware, identity theft, and banking fraud will be involved when more reporting comes out. In this blog, I’ll share more detail about what ZuoRAT is and offer some suggestions to help protect against it.
What is ZuoRAT?
As mentioned above, ZuoRAT made its debut in 2020. This malicious campaign started at approximately the same time as the pandemic, and security analysts believe the timing is no coincidence: businesses shifted to remote working, and employees began accessing business networks from home. ZuoRAT leverages known vulnerabilities to give the attackers access to the routers. Once in, they are able to deploy two additional, custom-built RATs on devices connected through the router. The additional RATs allow hackers to upload and download files, run commands, and drive the workstation (TechRadar.pro, Sead Fadilpašić, Attackers are infiltrating routers to take control of connected devices, June 29, 2022, https://www.techradar.com/news/attackers-are-infiltrating-routers-to-take-control-of-connected-devices).
Types of Routers Being Targeted
According to Lumen Black Lotus Labs, which is currently researching ZuoRAT, the affected routers included, “but were not limited to: Cisco RV 320, 325 and 420; Asus RT-AC68U, RT-AC530, RT-AC68P and RT-AC1900U; DrayTek Vigor 3900 and unspecified NETGEAR devices” (DARKReading, Nathan Eddy, ZuoRAT Hijacks SOHO Routers From Cisco, Netgear, June 29, 2022, https://www.darkreading.com/remote-workforce/zuorat-hijacks-soho-routers-cisco-netgear).
How to Protect Against ZuoRAT?
• Implement a “Human Firewall” Via Education
Educate employees and network users on how to protect their home networks, their passwords, and their financial information. If you work from home, or have employees who work from home or in a hybrid arrangement, try to educate, encourage, and incentivize the whole household to practice and maintain cybersecurity hygiene too.
• Upgrade to a Commercial-Grade Router
Generally, consumer-grade routers tend to prioritize speed over security, while commercial-grade routers prioritize security over speed. Most homes and small business offices have a consumer-grade router. Nevertheless, there are very affordable commercial-grade routers on the market that prioritize BOTH security and speed for homeowners, small businesses, and employees working from home. Unfortunately, the first time we get to share this tidbit is usually after there is a problem. Many customers have told us they tried to be proactive about router security, but browsing technical specs online left them more confused about what makes the most sense for their needs. As Lumen Black Lotus Labs’ Adamitis notes, “the consumer router space is ripe for targeting because these devices reside outside of the traditional security perimeter, and they are rarely monitored or patched. This is only exacerbated by the rapid shift to remote work at the start of the pandemic” (DARKReading, Nathan Eddy, ZuoRAT Hijacks SOHO Routers From Cisco, Netgear, June 29, 2022, https://www.darkreading.com/remote-workforce/zuorat-hijacks-soho-routers-cisco-netgear). At RB’s Computer Service, we would be glad to help you navigate commercial-grade router options. For a no-obligation consultation, contact us today at 763-441-3884.
• RB’s Managed IT Service Agreements
If you have heard this before, I may sound like a broken record, but for roughly the price of a daily lunch over the month, most homeowners, small businesses, and employees could have an RB’s Managed IT Service Agreement. In addition to making sure your router is buttoned up with proactive monitoring and the latest security updates, we can help you take preventative steps to protect your entire computer network. For a no-obligation Managed IT Service Agreement consultation, contact us today at 763-441-3884.
Bottom Line
According to a recent survey, nearly a quarter of respondents (23%) named securing the remote workforce as their top priority for 2022. If this is a priority for you too, upgrading to a commercial-grade router is the first critical step you can take. At RB’s Computer Service, we have affordable and uncomplicated options for you to consider. In addition to commercial-grade routers, RB’s Computer Service offers ransomware protection strategies, managed IT services, and malware removal. We also sell the best laptop computers, best desktop computers, business computers, computer parts, and computer monitors. For iPhone, smartphone, and tablet repairs, contact us today by phone or email: 763-441-3884, help@rbsmn.com.