August 3, 2022 (updated 02 Aug 2022 9:41pm)

Trellix unearths “devastating” cybersecurity vulnerability: 200,000 small businesses at risk

Trellix has discovered a vulnerability in WiFi routers developed by DrayTek, which could put hundreds of thousands of small businesses at risk.

By Jake Mainwaring

A vulnerability in WiFi routers developed by DrayTek could put hundreds of thousands of offices at risk of being hacked, according to cybersecurity company Trellix.

“Exploitation of edge devices like the DrayTek Vigor 3910 has the potential to be devastating to users,” Douglas McKee, principal engineer and director of vulnerability research at Trellix, tells Verdict.

The vulnerability has been designated the catchy name CVE-2022-32548. Taiwanese DrayTek has already issued a patch. Trellix estimates that there are 200,000 unsecured office routers out in the wild.

If left unpatched, vulnerable routers connected to the internet are susceptible to remote attacks by hackers from anywhere in the world.

Black hat hackers exploiting the DrayTek vulnerability can use it to gain access to the rest of the company’s network.

DrayTek vulnerability comes amidst wave of cybercrime

The discovery of CVE-2022-32548 was made at a time of unprecedented cybercrime. Small businesses are particularly vulnerable, according to Trellix.

McKee quotes research from RiskRecon suggesting that data breaches at small businesses globally jumped by 152% between 2020 and 2021. Breaches at larger organisations rose 75% during that same time period.

“Unfortunately, SMBs can be considered the ‘sweet spot’ for cyberattackers, as they tend to hold more valuable assets than consumers and often have less security in place compared to larger companies,” says McKee.

Ahead of the curve

Trellix and DrayTek hope to run ahead of the thieves with CVE-2022-32548, believing that no digital thugs have so far abused the vulnerability.

“At the current time we are unaware of CVE-2022-32548 being actively exploited by threat actors,” McKee says.

However, he also warns that the US Cybersecurity & Infrastructure Security Agency recently released an advisory for similar vulnerabilities being exploited by the People’s Republic of China. The government body warned that China is actively leveraging known vulnerabilities to create a network of compromised devices.

McKee argues that it would be reasonable to conclude that threat actors will leverage this vulnerability in a similar way.

This adds to the long and growing list of known vulnerabilities such as Log4j that can be exploited by laptop-wielding larcenists.

GlobalData is the parent company of Verdict and its sister publications.