The Zero Day Initiative (ZDI) organized the hacking competition Pwn2Own, which quickly showed the danger that home devices, for example in the home office, pose for the security of companies. Trend Micro's ZDI uncovers vulnerabilities and helps mitigate them.
Trend Micro announces the winners of its recent Pwn2Own hacking contest, held in Toronto late last week. During the event, the Japanese IT security provider's Zero Day Initiative (ZDI) awarded prize money worth almost one million euros for the discovery of 63 zero-day vulnerabilities. If these vulnerabilities were exploited in real cyber attacks, the potential damage in terms of time, data and financial losses would be many times that amount.
Home office devices - 63 vulnerabilities discovered
According to Statista, more than a quarter of all employees in Germany have worked at least partially from their home office in the past two years. However, this can increase the attack surface for businesses if home devices such as routers, smart speakers, printers, and network attached storage (NAS) devices are not properly secured.
Vulnerabilities discovered through Pwn2Own and Trend Micro's Zero Day Initiative feed into the security vendor's threat intelligence analysis. Increasingly networked networks of private users and companies can thus be better secured. Multiple waves of Deadbolt ransomware attacks that compromised NAS devices worldwide in 2022 highlight the increased business risk.
Vulnerable Small Office – Home Office Devices
An equally large security risk emanates from compromised SOHO devices (small office/home office) as a starting point for lateral movements within a network. Attackers can use these to gain access to a device connected to corporate resources. That's why this year's Pwn2Own competition featured a "SOHO Smashup" category for the first time, in which hackers had to hijack a wireless router and connected device. If the participants managed to take complete control of both devices within 30 minutes, they could win prize money of almost 100.000 euros and 10 "Master of Pwn" points.
The planned EU Cyber Resilience Act, which will set new minimum requirements for the security of networked products, also shows the increasing awareness of the risks emanating from SOHO devices. A new safety labeling system is also to be introduced in the USA.
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.