With the growing trend toward the home office, cybersecurity must also be rethought. If employees use their work computers to access the Internet via their home network, even a secure VPN for the connection to the company won't help. This is because corporate security is then only as good as the employees' worst-secured home network. Basically, it should be assumed that at least one of the home networks or private smart devices is already compromised. The leap to the company computer and from there into the corporate network is then only a matter of time.

In an industrial company, this attack vector was recently identified, traced and cleaned up in the field by Rhebo Industrial Protector. A plant manager had accessed the manufacturing plant from his home office via a secured VPN. The initial message showed a new participant in the Operational Technology (OT). This subscriber began communicating with a variety of devices in the OT a short time later. The communication was interpreted by Rhebo Industrial Protector as a scan attempt. Presumably, the host wanted to use it to identify vulnerable devices and analyze the infrastructure. It was also noticeable that the new network subscriber communicated via protocols not previously used in the existing OT.

Based on the messages and information, the security officer of the industrial company was able to block the connection to the new network subscriber and prevent further actions. As a subsequent detailed analysis revealed, one device in the OT had a known vulnerability. This was also closed. The company computer of the person responsible for the system was completely rebuilt and the access data was renewed.