Friday, September 29, 2023

14 strategies for a successful modern business network


NetworkTigers discusses strategies for a modern business network.

Building and maintaining a functional business network is not a task with a one-size-fits-all plan. With every network serving different organizations and use cases, each system needs to be crafted to meet the needs of the company at large.

However, there are some general strategies that IT professionals should keep in mind. Whether creating a new business network or looking to hone one already built, these 14 strategies will help you keep your priorities straight.

1. Automate wherever possible

A successful modern business network is complicated. The minutiae of data management and routine operations can be time-consuming and overwhelming. By intelligently employing automation, you can save time on more pressing network issues.

Because basic or monotonous tasks can have a numbing effect on the person charged with their execution, putting automation to work in these areas can also significantly reduce the risk of human error.

2. Make security a high priority

Cybercriminals are always looking for easy targets or negligence that can give them an entry point into a vulnerable network. With cybercrime being such a huge money maker and the bar of entry being lower than ever, no business network or organization is small enough to assume it’s under the radar.

Because of this, cybersecurity needs to be a foundational component of any decision around network structure. Implement zero-trust protocols, segment your network where appropriate to help contain unauthorized entry, and be sure that your security features, apps, and hardware are all easily and regularly updated for current threats.

3. Audit your security

Security audits should be regularly scheduled to ensure that your network remains airtight. No administrator is immune from tunnel vision, and enlisting a third party for this task will shed light on security lapses that may exist in your blindspots. 

Audits identify weaknesses and allow you to close gaps in your network that may have opened up via updates, reconfigurations, or have been missed.

4. Set the stage for scaling

If an organization is successful, network growth is inevitable. By always keeping the anticipated increase in mind, you can build and maintain your network in a manner that paves the way for future expansion. 

This can take the form of something as complex as researching and investing in the most modular software and hardware solutions available or as simple as ensuring that the racks and the room allotted to your equipment can accommodate a growing physical footprint.

5. Implement deep network monitoring

Network monitoring tools are essential for gaining insight into your operations. With the metrics gleaned from monitoring tools, you can observe traffic patterns, locate bottlenecks, and understand how your business network functions under typical circumstances.

You can then use this data to streamline your system for maximum efficiency. Additionally, you can set up alerts to notify you of any unusual traffic behavior that could indicate malicious activity or a malfunction.
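The baseline-and-alert idea above, as an added example (not NetworkTigers' code and not tied to any particular monitoring product): a per-host volume baseline is learned from a quiet period, and a new interval is flagged only when it deviates from that baseline by a wide margin. The host addresses, byte counts, interval length, and thresholds are all constructed for illustration.

```python
"""Baseline-and-alert check over constructed per-host traffic samples."""
from statistics import mean, pstdev

# Constructed: outbound bytes per 5-minute interval for two hosts over a quiet period.
BASELINE_SAMPLES = {
    "10.0.1.15": [120_000, 135_000, 118_000, 142_000, 128_000, 131_000, 125_000, 139_000],
    "10.0.1.22": [45_000, 52_000, 48_000, 50_000, 47_000, 53_000, 49_000, 51_000],
}


def build_baseline(samples, min_samples=5):
    """Per-host (mean, population stddev) of historical volume.

    Hosts with too little history are left out so that "normal" is never
    inferred from a handful of readings.
    """
    baseline = {}
    for host, values in samples.items():
        if len(values) < min_samples:
            continue
        baseline[host] = (mean(values), pstdev(values))
    return baseline


def check_interval(baseline, observed, sigma=3.0, floor_ratio=2.0):
    """Return (host, reason, value) alerts for one observed interval.

    A host alerts when its volume exceeds mean + sigma*stddev AND exceeds
    floor_ratio * mean; the second guard stops a near-zero stddev from
    alerting on trivially small increases. Hosts with no baseline are
    reported separately, since an unknown talker is itself worth a look.
    """
    alerts = []
    for host, value in observed.items():
        if host not in baseline:
            alerts.append((host, "no baseline", value))
            continue
        mu, sd = baseline[host]
        if value > mu + sigma * sd and value > floor_ratio * mu:
            alerts.append((host, "volume spike", value))
    return alerts


if __name__ == "__main__":
    # Constructed interval: one host spikes, one is normal, one was never seen before.
    current = {"10.0.1.15": 900_000, "10.0.1.22": 50_000, "10.0.1.99": 10_000}
    for alert in check_interval(build_baseline(BASELINE_SAMPLES), current):
        print(alert)
```

In practice the baseline would be recomputed on a rolling window and split by time of day, since an overnight backup job looks like an exfiltration spike against a daytime-only baseline.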

6. Accommodate remote work and access

Work-from-home scenarios during the onset and height of the COVID-19 pandemic taxed IT administrators to the breaking point. Networks built for users under the same roof suddenly had to accommodate remote users. As a result, cybersecurity was often compromised, and cybercrime skyrocketed.

With remote work here to stay, networks must be flexible enough to allow employees worldwide to access an organization’s resources without causing security issues. 

Using a VPN can help put a barrier between prying eyes and employee activity. However, closely monitor and regulate the platforms workers use for collaboration and communication, as deviating from authorized apps can result in security lapses.

7. Employ software-defined networking (SDN)

Software-defined networking (SDN) can allow a single IT administrator to control an entire network, as it places a unified interface over all components. Adjustments can be made using this platform, and network operations can be modified as needed without the need to dive into separate windows or, in some cases, physically operate a device or piece of hardware.

SDN makes network administration more efficient, makes it easier to adjust your configurations and routings in real-time, and lessens the staff needed for large-scale maintenance. 

8. Invest in quality hardware

Hardware no longer working at peak performance, whether due to age or malfunction, should be replaced with equipment better able to cope with system demands. Even if a component is working as expected, if it is no longer supported by the manufacturer with regular updates, it is a security liability and likely to be a time bomb regarding compatibility.

Quality networking hardware comes at a high price, but there is great value in the used/refurbished market. Large organizations have the financial means to refresh their networks regularly, meaning that well-maintained, premium gear finds its way to the second-hand market at reasonable prices. 

You can purchase refurbished equipment from a reputable seller and remain within budget. Many resellers also provide guarantees if the equipment you purchase is out of the manufacturer’s warranty.

9. Create redundancy wherever possible

Be sure not to put all your network operations eggs in one basket. When a part of your network fails, having redundancy prevents it from becoming a catastrophic event. Duplicate hardware and load balancers can allow a network to continue chugging along despite a crash or DDoS attack that may otherwise completely overwhelm it.

10. Document everything

From diagrams of traffic flows to hardware serial numbers and spikes in traffic, accurate, organized records are essential for diagnosing network issues and providing a blueprint for recovery during a shutdown. 

Ensure your documentation is understandable from an outsider’s perspective, and keep all records in the same format so that the information charted is standardized regardless of who is taking notes.

11. Use the cloud

Cloud services can offer your network more storage, scalability, security features, and redundancies. Enlisting a third party may be problematic for some administrators, as third parties carry risks of their own, but the benefits can outweigh those risks so long as any migration to the cloud is done intelligently and with cybersecurity in mind at all times.

12. Make quality of service (QoS) a priority

If your network is built or configured such that operations are sluggish or perform poorly, users are more likely to find unsafe workarounds to avoid wasting time, and customers may give up.

Set your network up to prioritize critical apps and allocate resources appropriately. If your organization regularly collaborates over video, for example, make sure that particular bandwidth use takes precedence so that communication is crisp and reliable.

13. Make employee training a requirement

Whether it’s showing the workforce how to determine whether or not an email is a phishing scam or keeping the IT team certified in the latest technologies and practices, employee education and training should not be seen as a diversion from network administration. 

With the pace of technology speeding up exponentially and the number of network connections growing daily, it’s essential to view network security holistically. Any single person with access to your business network could inadvertently open the door for hackers by falling for a social engineering campaign or by misconfiguring a folder’s permissions.

14. Plan for disaster recovery

Whether you’re starting fresh or reexamining an established network, formulating a strategy for disaster recovery can make or break an organization in the event of a system crash or cyberattack. 

Diligently back up data and configurations and develop stringent procedures you and other team members can use to get back online. Be sure to test these plans regularly to guarantee they will get your system back on track when it matters most.

Cybersecurity news weekly roundup September 25, 2023


SAN MATEO, CA, September 25, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Emergency updates issued by Apple fix three new zero-day exploits

Three new actively exploited zero-day vulnerabilities targeting iPhone and Mac users have been patched by Apple via an emergency update, bringing the total to 16 zero-days patched in 2023 thus far. Two flaws were found in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991). These bugs allow threat actors to “bypass signature validation using malicious apps or gain arbitrary code execution via maliciously crafted webpages.” The third flaw (CVE-2023-41992) was found in the Kernel Framework and could be exploited to escalate privileges. Apple has yet to disclose specific exploitation details for these bugs.

Stealthy malware variants allow P2PInfect botnet activity to surge

According to research findings at Cado, the P2PInfect botnet has “entered a new period of code stability that allows it to ramp up its operation.” Reports indicate that P2PInfect has been upgraded with features that make it a “stealthier, more formidable threat.” New abilities include “a cron-based persistence mechanism that replaces the previous ‘bash_logout’ method, triggering the main payload every 30 minutes,” the use of a “secondary bash payload to communicate with the primary payload via a local server socket,” and the use of an SSH key to “overwrite any SSH authorized_keys on the breached endpoint to prevent legitimate users from logging in via SSH.” Recent surges in P2PInfect traffic and a steadily expanding volume of variants in the wild lead researchers to believe that the malware’s creators are “operating at an extremely high development cadence.”
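Two of the behaviours quoted above (a cron job firing every 30 minutes, and authorized_keys being replaced so that legitimate users are locked out) leave traces a defender can check for. The following is an added example, not Cado's or NetworkTigers' code and not based on any real P2PInfect sample: it scans crontab text for 30-minute jobs launched from unusual locations and compares an authorized_keys file against the set of keys the team actually approved. The crontab lines, key strings, and the list of "suspicious" directories are constructed assumptions.

```python
"""Host-side checks for cron persistence and authorized_keys tampering."""
import re

# Assumption: payloads dropped into world-writable, scratch, or hidden
# directories are more suspicious than anything under /usr or /opt.
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/.")

# Constructed crontab: one ordinary job and one matching the described pattern.
CRONTAB = """\
# nightly backup
0 3 * * * /usr/local/bin/backup.sh
*/30 * * * * /tmp/.x/update >/dev/null 2>&1
"""

# Constructed: keys the team approved, and the file as found on the host.
APPROVED_KEYS = {"ssh-ed25519 AAAAC3...alice", "ssh-ed25519 AAAAC3...bob"}
AUTHORIZED_KEYS = "ssh-rsa AAAAB3...unknown\n"

# Matches "*/N * * * * <command>" crontab entries (every-N-minutes schedules).
EVERY_N_MINUTES = re.compile(r"^\*/(\d+)\s+\*\s+\*\s+\*\s+\*\s+(.+)$")


def suspicious_cron_jobs(crontab, period_minutes=30):
    """Return crontab entries that run every `period_minutes` minutes
    and whose command references a suspicious directory."""
    hits = []
    for line in crontab.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = EVERY_N_MINUTES.match(line)
        if not m:
            continue
        minutes, command = int(m.group(1)), m.group(2)
        if minutes == period_minutes and any(d in command for d in SUSPICIOUS_DIRS):
            hits.append(line)
    return hits


def authorized_keys_drift(file_text, approved):
    """Compare installed keys with the approved set.

    'unexpected' keys were added by someone else; 'missing' keys were
    removed, which is what locks legitimate users out of SSH.
    """
    installed = set()
    for line in file_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            installed.add(line)
    return {"unexpected": sorted(installed - approved),
            "missing": sorted(approved - installed)}


if __name__ == "__main__":
    print(suspicious_cron_jobs(CRONTAB))
    print(authorized_keys_drift(AUTHORIZED_KEYS, APPROVED_KEYS))
```

On a real host the crontab text would come from `crontab -l` for each user plus the files under `/etc/cron.d`, and the approved key set from configuration management; the point is that both checks are diffs against a known-good state rather than signatures for one malware family.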

Nagios XI network monitoring software contains critical security flaws

Four security vulnerabilities have been reported in the Nagios XI network monitoring software. The flaws, disclosed responsibly to the developer in August, have been patched in version 5.11.2 of the software. Three bugs, CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934, are described by security firm Outpost24 as allowing “users, with various levels of privileges, to access database fields via SQL Injections.” The fourth, CVE-2023-40932, “relates to a cross-site scripting (XSS) flaw in the Custom Logo component that could be used to read sensitive data, including cleartext passwords from the login page.” Users are encouraged to update their software to the current version as soon as possible to prevent the unauthorized execution of arbitrary SQL commands and the injection of arbitrary JavaScript that can read and modify page data.
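The two bug classes in that advisory, SQL injection and cross-site scripting, come from the same root cause: untrusted input spliced into a query or a page as text. The following is an added example, not Nagios XI's code and unrelated to how those CVEs actually work: a lookup that concatenates the username into SQL sits beside the parameterized version, and a small HTML renderer shows the escaping that prevents injected script. The in-memory SQLite table, its rows, and the "logo" markup are constructed.

```python
"""SQL injection and XSS: the vulnerable pattern beside the fixed one."""
import html
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "viewer")])
    return conn


def lookup_vulnerable(conn, username):
    """Input is spliced into the SQL text, so a quote in the input
    changes the structure of the query instead of being compared as data."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, username):
    """The driver sends the value separately from the SQL text; whatever the
    input contains, it can only ever be matched against the column."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def render_logo_name(name):
    """Escape before placing user-controlled text into HTML; the same rule
    applies to any field echoed back into a page (quote=True also covers
    attribute contexts)."""
    return f'<span class="logo">{html.escape(name, quote=True)}</span>'


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # classic tautology input, used only to show the difference
    print("vulnerable   :", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
    print(render_logo_name("<script>alert(1)</script>"))
```

The parameterized version is not a filter; it does not try to recognise bad input at all, which is why it holds up against payloads that a blocklist would miss.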

GitLab to users: install security updates to patch severe flaw

A critical security vulnerability that allows threat actors to “run pipelines as other users via scheduled security scan policies” within GitLab, a web-based open-source software project management and work tracking platform, has been patched in updates that the developer is urging all users to apply. The bug, CVE-2023-5009, is present in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 13.12 through 16.2.7 and 16.3 through 16.3.4. Exploitation of the flaw could allow an attacker to access sensitive data, modify data, or execute events within the GitLab system.

Malicious AI tool WormGPT updated to feature-rich version 2

WormGPT is an “AI module system that gives the threat actors abilities to launch automated attacks like phishing.” It allows unlimited character support, chat memory retention, and code formatting. With crypto-only payments and the versatility to accommodate malware, BEC attacks, and other hacks with no user logs, the language model has proven troubling for security researchers who are universally concerned about how threat actors will continue to leverage AI for nefarious purposes. WormGPT V2 offers even more features, including faster operation, coding formatting, no limitations, different AI models, and a deeper focus on privacy. The service costs only $300 for lifetime access, putting tremendous power within reach of even the most bootstrapped threat actors.

Asia/Pacific-based card skimming campaign sets sights on North American victims

A threat actor targeting e-commerce sites and point-of-sale service providers with credit card skimming for more than a year in the Asia/Pacific region has turned towards North and Latin America in search of new victims. The campaign’s main objective is to “gain access to the payment pages on these sites and drop malware for stealing card numbers belonging to people making online purchases.” Calling the activity “Silent Skimmer,” BlackBerry researchers have called the technique complex and noted that it likely is being executed by a competent, experienced threat actor due to how the campaign “has readjusted its command-and-control (C2) infrastructure based on the geolocation of the victims.” This is reportedly to “ensure that traffic to and from the compromised servers blends in with normal traffic.”

Microsoft accidentally exposes 38TB of private data due to misconfigured GitHub repository

Microsoft’s AI research division mistakenly revealed 38TB of sensitive internal information collected over the last three years by misconfiguring a GitHub repository “meant only to provide access to open source code and AI models for image recognition.” However, the Azure Storage URL “granted permissions on the entire account.” According to cloud security firm Wiz, “the backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.” This snafu reveals that no entity or organization, no matter how adept, is immune from the dangers of human error.
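The failure described above is a storage URL whose embedded grant was far broader than the one file it was meant to share. As an added example (not Wiz's or Microsoft's code, and not an analysis of the actual link involved), the function below inspects a URL that is assumed to carry an Azure Storage shared access signature in its query string and reports the properties that make such a link dangerous to publish: an account-level grant (`srt` present rather than a single resource `sr`), permissions beyond read in `sp`, and a distant or absent expiry `se`. Those parameter names are Azure's documented SAS parameters; the example URLs, account name, and signature value are constructed placeholders.

```python
"""Assess what a shared-access-signature URL actually grants before it is shared."""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Constructed URLs (account name and signature are placeholders, not real values).
OVERBROAD_URL = ("https://example.blob.core.windows.net/models"
                 "?sv=2021-06-08&ss=b&srt=sco&sp=rwdlac"
                 "&se=2051-10-06T00:00:00Z&sig=PLACEHOLDER")
SCOPED_URL = ("https://example.blob.core.windows.net/models"
              "?sv=2021-06-08&sr=c&sp=r"
              "&se=2023-10-01T00:00:00Z&sig=PLACEHOLDER")

# Permission letters in sp that go beyond reading: write, delete, list, add, create.
BEYOND_READ = set("wdlac")


def assess_sas_url(url, now=None, max_days=30):
    """Return a list of human-readable findings; an empty list means the link
    is scoped to one resource, read-only, and short-lived."""
    now = now or datetime.now(timezone.utc)
    params = parse_qs(urlparse(url).query)
    value = lambda key: params.get(key, [""])[0]
    findings = []

    # srt (signed resource types) only appears on account-level SAS tokens,
    # which can reach far beyond the container the URL path points at.
    if "srt" in params:
        findings.append(f"account-level SAS (srt={value('srt')})")

    risky = set(value("sp")) & BEYOND_READ
    if risky:
        findings.append("permissions beyond read: " + "".join(sorted(risky)))

    expiry = value("se")
    if not expiry:
        findings.append("no expiry")
    else:
        try:
            when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
            if (when - now).days > max_days:
                findings.append(f"expiry more than {max_days} days out")
        except ValueError:
            findings.append("unparseable expiry")
    return findings


if __name__ == "__main__":
    for url in (OVERBROAD_URL, SCOPED_URL):
        print(url.split("?")[0], "->", assess_sas_url(url) or ["no findings"])
```

A check like this belongs in the same review step that approves a README or a public repository commit, since the URL looks identical to a harmless download link until its query string is read.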

Transparent Tribe state hackers spread Android malware with YouTube app clones

APT36, a Pakistan state-affiliated threat actor also known as “Transparent Tribe,” has been found engaging in a campaign in which they infect victims with their signature CapraRAT trojan via three Android apps that mimic YouTube. The apps exist outside the Google Play store, with victims led to them via romance-based social engineering techniques. CapraRAT can collect data through camera and microphone recording, text messages, screen captures, and more. While Transparent Tribe’s methods are generally easy to identify as scams, they continually roll out new campaigns. They are prolific enough to gain victims regularly despite a lack of sophistication.

MGM Resorts hackers make statement about their strategy

Finally making an official statement regarding the hack of MGM Resorts, ALPHV has disclosed that their efforts were successful due to cracking into the company’s Okta Agent. “MGM made the hasty decision to shut down every one of their Okta Sync servers after learning that we had been lurking in their Okta Agent servers,” ALPHV said on their leak site. The threat actors claim they remained on the company’s Okta for a day to gather passwords and data before launching a ransomware attack on over 1,000 ESXi hypervisors. ALPHV also claims to have retained access to portions of MGM Resorts’ infrastructure, from which it intends to engage in further attacks due to the company not participating in negotiations. The group has also stated that it plans to release stolen data to Troy Hunt of Have I Been Pwned to disclose if he wishes.

Ambersquid cryptojacking campaign sets sights on uncommon AWS services

A new cryptojacking operation, codenamed Ambersquid by container security firm Sysdig, is targeting “uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency.” Ambersquid’s images execute miners downloaded from threat actor-controlled GitHub repositories, while others run scripts that target AWS. Sysdig has confidently attributed the operation to Indonesian threat actors based on the language used in its scripts and usernames. Hackers from this region have a pattern of targeting crypto for theft.


Avoiding biases and cybersecurity blind spots


NetworkTigers tips on how to avoid biases and cybersecurity blind spots.

While the ones and zeros of data protection applied through protocols, proper hardware implementation, zero-trust, and network monitoring are critical to keeping an organization safe, even the most technically airtight strategy can be subject to biases and cybersecurity blind spots. Human nature is far from perfect, and, as a result, network security systems can sometimes be designed to reflect the architect’s subjective priorities and opinions.

Administrators should keep the following tips in mind when developing a cybersecurity strategy for an organization’s network to prevent cracks in their defenses. 

Don’t rely entirely on the technology

With modern networking software and equipment allowing for deep automation, anomaly reporting, and automatic updates, it can be tempting to leave a system on autopilot or rely too heavily on apps and gear to do the job.

This can result in other crucial security measures, such as continual staff training and response and recovery planning, being forgotten or neglected. Intelligently devised security makes the technology only part of a holistic plan that sees all employees practicing vigilance in their roles and IT teams keeping up with emerging threats and evolving their protocols accordingly. 

Don’t neglect the human factor

As we have seen repeatedly, all the technology and security in the world can’t protect even the largest international corporations from succumbing to a successful social engineering scheme. Phishing emails, fraudulent job listings, and even AI-enhanced phone calls can lead an unwitting employee into providing a threat actor with the resources they need to bring an organization to its knees without having to write a single line of code.

Because of this, employees must receive regular training to keep them aware of tactics that criminals adopt to steal from or extort their targets. Focusing this training on lower-level employees may seem sufficient, but high-level officials and executives often find themselves in the crosshairs. No user should be left out to become a cybersecurity blind spot.

Update, patch, and replace

Keeping your system updated with the latest patches, updates, and security fixes can’t be overstated.

Ensure automatic updates are applied across the board and don’t leave outdated or no longer supported apps and equipment in the loop. Cybercriminals are always on the hunt for unpatched vulnerabilities, and IT professionals should never assume that just because they have forgotten about a cobwebbed piece of equipment still chugging away in their system, it won’t be on the radar for threat actors in search of an entry point.

Outdated equipment can be refreshed and replaced with refurbished gear at deep discounts, making it easier on the IT budget to swap out potentially vulnerable hardware for newer alternatives.

Keep up with regular assessments and auditing

Even minor modifications to a system can result in an exploitable vulnerability, meaning that lapses and cybersecurity blind spots can appear where and when they are least expected. Diligent IT professionals are acutely aware that they are not omniscient despite having what may be a remarkable understanding of the ins and outs of their system.

Regular security assessments and penetration tests are essential to security maintenance and an excellent way to shed light on holes that may have developed as work was being focused elsewhere. An objective perspective can distinguish between running a tight ship and taking on water.

Protect your network from insider threats

Often, a security breach is the result of an internal incident as opposed to an external threat actor. From misconfigured databases and poor password hygiene to intentionally malicious actions taken by disgruntled employees, a network must be safe from harm no matter where it originates.

Imposing strict permissions and user monitoring may come across as unfriendly from a philosophical standpoint, leaving some admins to allow their good nature to create cybersecurity blind spots. Only allowing employees to use job-critical network segments and being sure to change credentials in the event of someone’s role changing is necessary to ensure tight protection from all angles.

Don’t inherit a third party’s cybersecurity blind spots

Third-party vendors and contractors are a part of doing business. However, time and again, when an organization opens the door to a third party, it inherits any security lapses that the outsider may be guilty of.

Administrators must carefully assess the security protocols contractors implement to ensure that they don’t subject their system to someone else’s poor decisions. They also need to be strict in what they allow access to, the information they share, and with whom.

Security requirements should be built into any contracts that require data sharing or resources.

Don’t give employees an incentive to circumvent your security

Striking a balance between tight security and a frictionless user experience can be a challenge many administrators ignore. Still, the more complex a system is to use, the more likely workers are to find workarounds that may put data at risk.

Design protocols to be intuitive, seamless, and not seen as impediments to employee workflows. Frustrated workers may use unapproved apps or websites to share sensitive data or communicate company secrets via public messaging platforms.

Watch out for personal device usage

Remote work has opened the door to a wide range of vulnerabilities that either didn’t previously exist or were only present in certain pre-pandemic situations.

Workers using company resources and working on the network using personal devices open up a system to many risks that shouldn’t be overlooked. 

To mitigate the danger, IT teams should implement hard rules around using personal devices for work-related activities. This can be in the form of strong password requirements, allowing remote access to employee devices, or simply banning any devices that aren’t company-issued from the network.

Change those default settings

Even though many applications and hardware components come with built-in security settings, these should not be relied on to provide a high degree of protection. 

Criminals are familiar with default settings, sometimes sharing huge lists of router passwords

Modifying default security settings not only allows you to tailor your system to your specific needs but also puts one more obstacle between savvy hackers and your organization’s data.

Plan for the worst

Much of cybersecurity is focused on preventative measures. This can leave teams struggling in a breach if they haven’t taken the time to formulate a reliable plan that offers a path to recovery.

Poor response planning can result from a team spread too thin, an over-prioritization of defensive resources, or overconfidence in one’s ability to prevent an attack in the first place.

Administrators should have redundancies such as load balancers to pick up the slack in case of a crash or cyberattack. IT teams must develop and adhere to backup protocols that allow them to weather the storm of an attack or get their system back online as soon as possible if they are shut down.

How your network security failed you this year


NetworkTigers discusses how your network security failed you this year.

Did your business make it safely through another quarter without a data breach or hacking scare? Think again! New research reveals many ways that your network has been attacked this year without you even knowing it. Some of these methods may not have succeeded, while others could be stealing your information immediately without you or your incident responders realizing it. Some of the latest attack methods don’t involve endpoints, so they bypass EDR. Others don’t touch customer networks, allowing them to escape network detection entirely. 

Gone phishing

Any network security warning in today’s day and age has to discuss phishing. Phishing, or posing as a reliable source to gain access to confidential or sensitive information, is far and away the most common cyberattack worldwide. Phishing is only becoming more sophisticated, as well as more prevalent, in 2023. Over 500 million phishing attacks were reported in 2022, or around double the number of reported phishing attacks in 2021. Reported losses due to phishing in 2022 skyrocketed to $52,089,159 in the United States alone. 

Phishing can occur over email, text, and, more recently, via SaaS. The last of these has the most potential to remain undetected. A multi-stage cloud phishing attack combines traditional email phishing (or “smishing,” meaning SMS-hosted scam messages) with additional phases to cast a veneer of authenticity while penetrating deeper into data storage systems. 

A multi-stage cloud phishing technique might look something like the following: 

  • A hacker (or hacking group) hosts a fake invoice, manual, or other document on cloud services. This document may seem secure and legitimate as it appears “in-app.”
  • An employee downloads or enables viewing of the dangerous PDF.
  • The hacker gains access to a legitimate employee’s email and/or establishes a new cloud-based account on a rogue device in their name, based on the initial engagement with the fake document.
  • The attacker uses the legitimate user account information to send phishing emails to other contacts in the system, like employees, vendors, and clients.
  • The attacker compromises other employee accounts by using internal phishing and malware.

Browser in the browser (BitB) attacks

Browser in the browser or BitB attacks are an almost undetectable network security threat. BitB attacks simulate pop-up windows within trusted browsers, taking advantage of websites’ popular third-party single sign-on (SSO) option. When users go to “Sign in with Google” (or other data-sharing accounts, like Apple, Microsoft, or Facebook), they are usually greeted with a pop-up window to authenticate their request. A penetration tester and security researcher who goes by mrd0x on Twitter explained how BitB attacks can be made to seem virtually indistinguishable from the real thing. “JavaScript can be easily used to make the window appear on a link or button click, on the page loading, etc.” the technical writeup shared. “Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s indistinguishable.” 

BitB attacks erode confidence in URL authentication and may be underway at any pop-up checkpoints within your network. With a simple blend of CSS and HTML code in their arsenal, BitB attacks may have already hacked your network without you realizing it. 

Credential stuffing 

In 2022, Microsoft tracked 1,287 password attacks taking place every second. This adds up to more than 111 million per day. The Chief Information Security Officer for Microsoft, Bret Arsenault, sums up the situation succinctly: “Hackers don’t break in – they log in.” Insecure passwords are just one risk to your network infrastructure. One of the most potent ways hackers can get their hands on your password without you ever realizing it is through credential stuffing. Once one password has been exposed through a data leak, usernames and passwords (together known as “credentials”) can be submitted via automation to scores of other websites to gain more sensitive information. The ripple effect of credential stuffing cannot be overestimated since it stems from one possibly overlooked breach to create a larger issue. 

Additionally, with the evolution of AI capability, password security is more in doubt than ever before. AI systems offer the potential to “brute force” a password leak by guessing infinite combinations of secured words and phrases based on common patterns and previously released risk factors. 
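Credential stuffing as described above has a recognisable shape in authentication logs: one source trying many different usernames in a short window, with a high failure rate and the occasional success. The following is an added example, not NetworkTigers' or Microsoft's code: it parses a constructed, simplified auth log ("timestamp source-ip username OK|FAIL", an assumed format rather than any real product's) and flags sources that fit that shape, while leaving alone a single user who fumbles their own password several times. The addresses, usernames, window size, and thresholds are all constructed.

```python
"""Detect credential-stuffing patterns in a simple authentication log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: a stuffing source, a user mistyping their password, and normal logins.
LOG_LINES = """\
2023-09-25T10:00:01Z 203.0.113.7 alice FAIL
2023-09-25T10:00:02Z 203.0.113.7 bob FAIL
2023-09-25T10:00:02Z 198.51.100.4 carol FAIL
2023-09-25T10:00:03Z 203.0.113.7 carol FAIL
2023-09-25T10:00:04Z 203.0.113.7 dave FAIL
2023-09-25T10:00:05Z 198.51.100.4 carol FAIL
2023-09-25T10:00:05Z 203.0.113.7 erin FAIL
2023-09-25T10:00:06Z 203.0.113.7 frank OK
2023-09-25T10:00:09Z 198.51.100.4 carol FAIL
2023-09-25T10:00:15Z 198.51.100.4 carol OK
2023-09-25T10:01:00Z 192.0.2.9 dave OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")


def parse_log(text):
    """Return (timestamp, ip, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag (ip, window) pairs with many distinct usernames and mostly failures.

    The distinct-username requirement is what separates stuffing from one
    person repeatedly mistyping their own password.
    """
    window_s = int(window.total_seconds())
    buckets = defaultdict(list)
    for ts, ip, user, result in events:
        epoch = int(ts.timestamp())
        buckets[(ip, epoch - epoch % window_s)].append((user, result))

    alerts = []
    for (ip, start), attempts in sorted(buckets.items()):
        users = {u for u, _ in attempts}
        fails = sum(1 for _, r in attempts if r == "FAIL")
        ratio = fails / len(attempts)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            alerts.append({
                "ip": ip,
                "window_start": datetime.fromtimestamp(start).isoformat(),
                "distinct_users": len(users),
                "attempts": len(attempts),
                "fail_ratio": round(ratio, 2),
                # Accounts that accepted the stuffed credentials: reset these first.
                "succeeded": sorted(u for u, r in attempts if r == "OK"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_stuffing(parse_log(LOG_LINES)):
        print(alert)
```

The `succeeded` list is the actionable output: those are the accounts whose leaked password was reused here, and they need a reset and a check for what the session did, not just a blocked source address.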

SaaS to SaaS attacks

How recently have you checked your integrations? SaaS to SaaS attacks are rising, as some hackers piggyback onto legitimate apps to create shadow workflows. Take Zapier, a highly trusted vendor that boasts over 5,000 integrations. An attacker who has compromised a SaaS app integrated into Zapier could leech data such as bank account numbers, email logins, and more without being detected by incident responders.

The bottom line? With so many attacks, phishing scams, and malware incidents happening every second, it’s impossible to say for certainty that your network system was not attacked this year, even if you didn’t know it. But by taking data privacy seriously, you can ensure that your network has the best chance of stability and survival, even after a serious threat attempt. 

Cybersecurity news weekly roundup September 18, 2023


SAN MATEO, CA, September 18, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Facebook business accounts targeted by new NodeStealer malware

A variant of the Python-based NodeStealer malware has been making the rounds on Facebook with criminals looking to take over Business accounts for nefarious purposes. NodeStealer can exfiltrate victims’ cookies and passwords to break into Gmail, Facebook, and Outlook accounts. According to a researcher from Guardio Labs, “compared to earlier variants, the new NodeStealer variant uses batch files to download and run Python scripts and steal credentials and cookies from multiple browsers and for multiple websites.” It is being spread by fraudulent messages sent from botted and hijacked accounts purporting to be customer complaints about defective products.

A social engineering phone call appears to be at the heart of the ransomware attack against MGM Resorts

The recent cyberattack against MGM Resorts was reportedly sparked by a phone call to the company’s IT help desk in which an employee was asked to turn over sensitive information that allowed the threat actor to wreak havoc and steal a trove of sensitive customer data, including home addresses and Social Security numbers. According to unverified reports, Scattered Spider, an affiliate of ALPHV, gathered information about an MGM employee via their LinkedIn profile and impersonated them. ALPHV is known for its adeptness at social engineering schemes, although the group has denied making official statements regarding the hack.

New 3AM ransomware variant discovered

A new ransomware variant called “3AM” has been discovered by Symantec’s Threat Hunter Team. According to their findings, “3AM is written in Rust and appears to be a completely new malware family. The ransomware attempts to stop multiple services on the infected computer before it encrypts files.” The 3AM ransomware was deployed after an attempted LockBit attack failed. Symantec states that this strategy of using more than one ransomware variant in an attack has been observed before and that “ransomware affiliates have become increasingly independent from ransomware operators.” Instances of 3AM are currently minimal, but Symantec expects the variant to raise its head in future attacks.

Fraudulent Cisco Webex Google Ads pushing malware

A report from Malwarebytes describes a campaign that sees Mexico-based threat actors using malicious Google Ads that impersonate the official Webex download portal but direct victims to sites that infect them with the BatLoader malware. The threat actors can perform the bait and switch by exploiting a loophole within the Google Ads tracking template while still complying with Google’s rules. The malicious ads rank in the highest position in Google search results for “Webex,” making them appear legitimate. It is recommended that, when using Google to search for software, users ignore the promoted results and seek out the developer’s official site. Read more.

Microsoft: Storm-0324 phishing campaign targets corporate systems via Teams message

A campaign that Microsoft’s Threat Intelligence Team has called Storm-0324 is using Teams messages as “lures to infiltrate corporate networks.” The messages are loaded with links that direct victims to a malicious ZIP file hosted on SharePoint. From ransomware to banking trojans and toolkits, researchers warn that “Storm-0324 operates in the cybercriminal economy as a payload distributor, offering a service that allows for the propagation of various payloads using evasive infection chains.” Microsoft has made security enhancements to help block this activity and notes that “because Storm-0324 hands-off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware.” Read more.

New malware variant targets Intel-based macOS users

A new Go-based malware variant called “MetaStealer” that can evade Apple’s anti-virus tech XProtect has been observed stealing data from Intel-based macOS computers. Distributed via social engineering, the malware is deployed through emails sent to businesses that purport to be from clients. “Attached to the phishing emails are disk image files that, when mounted on the filesystem, contain deceptively named executables that appear as PDF files to trick the victim into opening them.” Once embedded, MetaStealer exfiltrates passwords, files, and app data. It also targets Telegram and Meta services to steal saved passwords. Read more.

Phishing campaign infecting victims with Agent Tesla, OriginBotnet, and RedLine Clipper

A phishing campaign is infecting victims with Agent Tesla, OriginBotnet, and RedLine Clipper via emails containing a malicious Microsoft Word document, according to a report from Fortinet FortiGuard Labs. RedLine Clipper is a .NET executable used to steal cryptocurrency. Agent Tesla is a “.NET-based remote access trojan (RAT) and data stealer for gaining initial access and exfiltrating sensitive information such as keystrokes and login credentials used in web browsers to a command-and-control (C2) server over SMTP protocol.” OriginBotnet “packs in a wide range of features to collect data, establish communications with its C2 server, and download supplementary plugins from the server to execute keylogging or password recovery functions on compromised endpoints.” Read more.

Major GitHub vulnerability leaves repositories exposed to repojacking

A security researcher from Checkmarx has reported on a GitHub flaw that may have exposed more than 4,000 repositories to the risk of repojacking attacks. As described in the researcher’s report, the bug “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations… Successful exploitation of this vulnerability impacts the open-source community by enabling the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub actions.” The flaw was disclosed to GitHub in March but was finally addressed on September 1st and “underlines the persistent risks associated with the ‘popular repository namespace retirement’ mechanism.” Read more.

Google patches actively exploited Chrome zero-day bug

Google has fixed a critical zero-day bug in its Chrome web browser, making it the fourth vulnerability to have received a patch since the start of the year. CVE-2023-4863 is “caused by a WebP heap buffer overflow weakness whose impact ranges from crashes to arbitrary code execution.” Because the bug is being actively exploited in the wild, Google has been tight-lipped, saying that “access to bug details and links may be kept restricted until most users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.” Read more.

More cybersecurity news

5 common networking mistakes


NetworkTigers discusses the five most common network mistakes and how to avoid them.

Proper network maintenance demands attention to detail and adherence to processes and protocols that keep traffic running smoothly, prevent crashes, and keep cyberattackers at bay. While senior administrators are well versed in the organization and management skills needed for reliable operations, even those with years of real-world experience can make networking mistakes capable of bringing business to a halt. Here are the five most common mistakes that IT professionals make and tips on how to avoid them:

1. Neglecting cybersecurity

Many network administrators and company owners still assume that small businesses aren’t worth a cybercriminal’s time, and that assumption is one of the most critical networking mistakes.

However, small businesses are frequently targeted by threat actors deliberately or simply fall victim to widespread phishing scams or system vulnerabilities. What’s more, most small businesses that succumb to a cyberattack are simply unable to recover. To avoid making this critical mistake:

  • Keep your system up to date. IT teams should put forth comprehensive security plans that mandate automatic updates across their entire system to keep their networks fortified against hackers looking to take advantage of any entry points left open. 
  • Enforce strong passwords. Easily guessed passwords are a favorite weakness for hackers who can employ tools to crack into accounts that aren’t adequately protected. All network users should maintain strong passwords that adhere to length and complexity requirements set by a knowledgeable IT administrator. Multi-factor authentication, while not foolproof, should also be implemented where possible.
  • Train employees to spot threats. Social engineering tactics continue to put organizations’ data at risk. From emails that purport to come from a trusted company to text messages claiming to be from a superior, all employees need to be able to know what correspondences they can trust and what may be dangerous. 

2. Poor network documentation and recovery planning

When a network spins into chaos or needs unexpected maintenance, knowing where to find what information and how to bring your operations online can make the difference between a relatively painless fix and days of downtime. To prevent catastrophe:

  • Keep your information organized. Keep a current list of all of your hardware specifications, serial numbers, and configurations. Build network diagrams and IP address inventories that are easily understood not just by you but also by anyone else in the event that your organization’s network fails while you aren’t personally able to address it. 
  • Prepare for recovery. Making sense out of a network in shambles is a nightmare scenario. To roll with any punches, develop a disaster recovery plan that allows you to pull your system together without getting lost in the weeds. Ensure your configurations are easily accessible and regularly update your records to reflect your current setup.
  • Prioritize redundancy. Depending completely on single pieces of infrastructure or equipment can prove to be disastrous in the event of a crash. Your network should be built and organized so that another component swiftly compensates for the failure of one. While your system doesn’t necessarily have to work at 100% capacity if something goes wrong, you should at least have enough redundancy in place for it to keep operating while you sort out the issue.

3. Skimping on robust network monitoring

Without knowing how traffic is moving through your system, you’re flying blind. Keeping a sharp eye on your network allows you to understand typical traffic patterns, notice unusual behavior, and chart your network’s analytics. To keep your finger on the pulse of your system:

  • Use network monitoring tools. With so many tools available, IT administrators are spoiled for choice when it comes to network monitoring. Real-time insights are invaluable. Once you have a grasp on how your network runs, set up alerts that let you know if something is behaving in an unusual way.
  • Conduct regular audits. Audits allow you to take a hard look at your network’s compliance, security, and efficiency. The information gleaned from an audit can be used to improve your network’s workflow and fine-tune it for peak performance.

4. Not keeping future growth in mind

Every organization looks to grow, and its network needs to react accordingly. Crystallizing a system in a manner that requires deep reconfigurations or even total architecture replacements in the event of new business or more employees will burn a tremendous amount of time and money, making it one of the more costly networking mistakes. To set the stage for painless growth:

  • Anticipate the future. What is the trajectory of your organization? How much growth is expected in the coming years? The more you know about your company’s path, the better you can predict and accommodate future networking needs.
  • Invest in scalable equipment. When building a network, it’s wise to do so with gear that can be used for as long as possible. You can do so by looking for configurations with modular capabilities that can be added or removed as needed. A network is never said and done, so getting too comfortable with a particular setup can work against you. Always think two steps ahead of your current needs and budget by purchasing refurbished network equipment from a seller you can trust.

5. Poorly maintained hardware

One of the more common networking mistakes is thinking of a system only in terms of ones and zeroes. Every piece of hardware in your network has a lifespan that can often be extended with proper maintenance and updates. To prevent your physical architecture from deteriorating:

  • Update it regularly. Keep your gear up to date as per manufacturer recommendations. While components may still appear to function as expected at first glance, mysterious compatibility problems can arise if firmware is not updated. This kind of issue can be nipped in the bud by enforcing regular updates.
  • Perform scheduled physical inspections. Create a hardware maintenance plan in which you physically inspect your equipment for signs of malfunction, wear, or other deterioration. Dust buildup can result in hardware becoming too hot to perform adequately. Unexpected moisture from an air conditioner or leak in the ceiling could cause equipment to corrode, short circuit, or even create the risk of an electric shock. Don’t forget to check your cables, as they may be subjected to damage from rodents.

Explore the benefits of enterprise-grade networking equipment


NetworkTigers discusses the benefits of enterprise-grade networking equipment.

The Internet of Everything has grown exponentially over the last ten years. More than 50 billion “things” are connected to the Internet right now, according to Cisco. Those things comprise a wider variety of network devices than many dreamed possible. Smartphones and computers are only the tip of the iceberg. Homes, parking meters, thermostats, refrigerators, cardiac monitors, cars, supermarket shelves, and even cows have been connected to the Internet of Things (IoT).  

With so many devices online, and even more doubtless yet to come, having reliable connectivity is no longer optional for most small to medium businesses. The average consumer carries out at least two transactions online per day. Meanwhile, 28% of all business has shifted online. Enterprise-grade networking equipment can make all the difference for a business seeking to expand while investing in reliable, scalable gear. Does your home or business need enterprise-grade networking equipment? Read on for the pros and cons. 

Differences between home networks and enterprise-grade gear

In most residential networks, your router and devices create a workgroup with the following characteristics and limitations:

  • No separate network management: All devices connected to the network are equally a part of the same connection. This means no separate device is needed or available to be granted manager privileges. 
  • Different user accounts: Each account is private, and login is not shared within the larger network.
  • Smaller capability: Only a few devices will receive internet access through the home network.
  • Encryption options available: Most home networks can support WPA wireless encryption standards and some firewall setups. Most also offer Ethernet ports for wired connectivity. 

On the other hand, enterprise-grade network equipment offers expanded capacity for both businesses and some homeowners serious about security and connectivity. Enterprise-grade gear involves: 

  • At least one server: At least one user account will be located on the domain server, not a personal computer or laptop.
  • Network administrators can configure permissions for connected devices
  • Support for multiple access points
  • Group policy enforcement and domain-wide logging of user activity: This can effectively trace hacks and leaks back to the source. Connected devices, ports and traffic can be monitored and Quality of Service (QoS) settings can be adjusted. 
  • Expanded data storage and privacy protection
  • Hardware-based VPN: This feature can also be accessed for those working remotely. 
  • Higher speeds and increased device connection capacity
  • External network switches may be used to link devices
  • Longer lasting design and individual parts

Benefits of choosing enterprise-grade networking equipment

Home networks usually involve a lower up-front cost but may require replacing and repair sooner than enterprise-grade gear. Choosing how to invest in network equipment involves a careful cost-benefit analysis of initial costs and your expected future needs. Do you anticipate needing more access ports in the near future? Stronger security? When deciding between different kinds of network equipment, you may want to consider the following factors: 

Scalability

Enterprise-grade gear is built to last for ten to thirty years easily. It is also designed to be easily scalable. If your small business plans to expand or hire work-from-home employees soon, investing in enterprise-grade gear can ensure your venture is better prepared for success. Additionally, homeowners looking for network installation above 2,000 square feet or those requiring expanded WiFi access to property lines, poolside, or beachside areas are more commonly considering enterprise-grade gear because it spans more devices and a larger geographic area. 

Cybersecurity

Enterprise-grade networks are by nature more secure than the average home gear. Unlike typical Internet connectivity, enterprise-grade networks limit access to specific users and devices. Data that passes through an enterprise-grade network is typically encrypted using a VPN or Transport Layer Security (TLS). Enterprise-grade routers also offer expanded routing protocols, SNMP (Simple Network Management Protocol), and greater visibility for data traffic.

Performance

Enterprise-grade networking equipment is built to increase both speed and connectivity. Enterprise routers have more advanced hardware components that are built to handle much higher amounts of traffic. Cache, CPU, memory, and forwarding capacity will all be improved on enterprise-grade gear. 

The typical residential router can connect 10 to 15 users. On the other hand, an enterprise router can allow access for up to 150 users with improved speeds and data flow. 

Takeaway

Go beyond bare minimum when considering your home or business’s networking needs. The Internet of Things is only expanding, and connectivity requirements that we wouldn’t have dreamed of are now the norm. Investing in enterprise-grade gear can ensure your WiFi access is stronger, smoother, and better protected against threats. It may be the most worthwhile investment in your digital health. 

Cybersecurity news weekly roundup September 11, 2023


SAN MATEO, CA, September 11, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Cisco warns of zero-day bug being actively exploited by ransomware gangs

A zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is being exploited in the wild by ransomware attackers, according to a warning from the company. The flaw allows “unauthorized remote attackers to conduct brute force attacks against existing accounts.” The CVE-2023-20269 flaw is “located within the web services interface of the Cisco ASA and Cisco FTD devices” and “is caused by improperly separating the AAA functions and other software features,” creating a situation in which a threat actor can “send authentication requests to the web services interface to impact or compromise authorization components.” Cisco is in the process of releasing a patch to mitigate this exploit. Read more.

Apple pushes emergency patches to address flaws exploited for Pegasus spyware

Apple pushed emergency patches to iOS, iPadOS, macOS, and watchOS to close a pair of zero-day vulnerabilities exploited to install NSO Group’s Pegasus spyware. CVE-2023-41061 is a “validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.” CVE-2023-41064 is a “buffer overflow issue in the Image I/O component that could result in arbitrary code execution when processing a maliciously crafted image.” According to researchers at Citizen Lab, the two flaws make up a zero-click iMessage exploit chain “capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.” Read more.

Zero-day exploit in AtlasVPN for Linux disconnects victim and reveals their IP address

Exploit code that allows a threat actor to disconnect AtlasVPN for Linux users and expose their IP address has been published by an undisclosed security researcher after reaching out to the vendor but receiving no response. The bug is easy to execute, as it only requires a threat actor to copy and paste the exploit code into their site and lure a victim to it. The exploit’s ease and the fact that it completely invalidates the reason for a VPN product’s existence have left some researchers severely disappointed in AtlasVPN’s lack of urgency concerning this flaw. Read more.

Apache Superset remote code execution vulnerabilities patched in new update

Two vulnerabilities in Apache Superset that could allow a hacker to gain remote code execution have been remedied in a recent update. CVE-2023-39265 and CVE-2023-37941, both of which “make it possible to conduct nefarious actions once a bad actor can gain control of Superset’s metadata database,” have been fixed. The latest update also addresses CVE-2023-36388, an improper REST API permission issue that “allows low-privilege users to carry out server-side request forgery (SSRF) attacks.” Users are urged to update their systems immediately. Read more.

W3LL phishing kit bypasses MFA to hijack thousands of Microsoft 365 accounts

A threat actor called W3LL has developed a phishing kit that has hijacked over 8,000 Microsoft 365 accounts after creating “utilities and infrastructure” that targeted more than 56,000 users. Researchers say that W3LL’s inventory of malicious tools covers “almost the entire kill chain of a BEC operation” and can be easily deployed by “cybercriminals of all technical skill levels.” Group-IB researchers say the kit uses several sophisticated and evasive techniques against targets, and have stated that “W3LL’s major weapon, W3LL Panel, may be considered one of the most advanced phishing kits in class, featuring adversary-in-the-middle functionality, API, source code protection, and other unique capabilities.” Read more.

PHPFusion CMS discovered to have high-severity flaw

PHPFusion, a popular open-source content management system, has been found to harbor a high-severity flaw by researchers at the Synopsys Cybersecurity Research Center (CyRC). CyRC warns that there are currently no plans by the operators of PHPFusion to patch or address the bug, tracked as CVE-2023-2453, which could allow a threat actor to execute remote code on a victim’s system. The researchers say that the vulnerability is “caused by insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement” and that the attacker “must have ‘Member,’ ‘Administrator,’ or ‘Super Administrator’ privileges.” PHPFusion is used by more than 15 million websites worldwide. Read more. 

MinIO storage system abused by hackers, used to execute code on compromised servers

Threat actors have been reportedly “weaponizing” flaws within the MinIO object storage system via a publicly available exploit chain. The findings come from researchers at Security Joes, who report that the exploited flaws “possess the potential to expose sensitive information present within the compromised installation and facilitate remote code execution (RCE) on the host where the MinIO application is operational.” The hackers use the exploits to create a “deceptive update” that replaces the “authentic MinIO binary with its ‘evil’ counterpart.” The threat actors responsible are unknown, though they are “proficient in working with bash scripts and Python.” Read more.

Decryptor developed for victims of Key Group ransomware

EclecticIQ researchers have developed and released a decryption tool designed to foil ransomware deployed by Key Group, a Russian threat organization that was discovered last January. Key Group’s malware is described as having several flaws, making it easier than other strains to crack. “Key Group ransomware uses CBC-mode Advanced Encryption Standard (AES) to encrypt files and sends personally identifiable information (PII) of victim devices to threat actors,” the EclecticIQ team explained in a new report. “The ransomware uses the same static AES key and initialization vector (IV) to recursively encrypt victim data and change the name of encrypted files with the keygroup777tg extension.” EclecticIQ’s tool is free to download. Read more.

Social engineering campaign targeting Okta Super Administrator accounts

Okta is warning users that a social engineering campaign to obtain “highly privileged Okta Super Administrator accounts” has been underway. The threat actors responsible use a commercial phishing kit called 0ktapus, “which offers pre-made templates to create realistic fake authentication portals and ultimately harvest credentials and multi-factor authentication (MFA) codes. It also incorporates a built-in command-and-control (C2) channel via Telegram.” Okta is urging users to “enforce phishing-resistant authentication, strengthen help desk identity verification processes, enable new device and suspicious activity end-user notifications, and review and limit the use of Super Administrator roles.” Read more.

Chrome extensions can steal plaintext passwords

A group of researchers at the University of Wisconsin-Madison have created a proof-of-concept extension that can steal plaintext passwords from a site’s source code. The extension has been uploaded to the Chrome Web Store. The researchers discovered that websites that receive millions of viewers “store passwords in plaintext within the HTML source code of their web pages, allowing extensions to retrieve them.” The team said this vulnerability results from “the practice of giving browser extensions unrestricted access to the DOM tree of sites they load on, which allows accessing potentially sensitive elements such as user input fields.” The researchers’ findings revealed that huge sites such as Facebook and Gmail are susceptible to this flaw. Read more.

More cybersecurity news

Improving network security without breaking the bank


NetworkTigers with advice on improving network security on a budget.

Cyber attacks are increasingly sophisticated, making network security a top concern for businesses of all sizes. While safeguarding confidential data and maintaining the integrity of network operations is crucial, robust security doesn’t require a hefty budget.

The importance of securing your business network

Every business is a potential target for cybercriminals seeking to exploit vulnerabilities. Here’s why securing your business network is crucial:

  • Safeguards sensitive data: Business networks keep sensitive information, including customer data, financial records, and trade secrets. A robust network prevents unauthorized access, data breaches, and leaks that could have devastating economic and reputational consequences.
  • Prevents cyber attacks: Cyber attacks, ranging from malware and ransomware to DDoS and phishing attacks, are constant threats. A secure network reduces the risk of these attacks and minimizes the potential damage they can cause.
  • Maintains business continuity: Downtime due to network breaches can disrupt business operations, resulting in revenue loss and customer dissatisfaction. An effective network ensures consistent availability of services, promoting seamless operations and customer satisfaction.
  • Protects customer trust: Customers entrust their data to your business, expecting it to be kept safe. A breach can erode this trust, leading to reputational damage and loss of clientele. A strong network demonstrates your commitment to customer privacy and security.

Common network security threats

Understanding network security threats is the first line of defense in safeguarding your sensitive data and operations. Here are common threats that may pose risks to your network.

Malware

Malware comprises a range of harmful software, such as viruses, worms, Trojans, and ransomware. These dangerous codes infiltrate your network through infected attachments, downloads, or malicious links. Once inside, they can disrupt operations, steal data, or even lock your systems until a ransom is paid.

Phishing attacks

Phishing attacks prey on human psychology. Attackers send emails or messages that seem legitimate to deceive recipients into revealing confidential data like passwords, credit card numbers, or login credentials. These attacks can have devastating consequences, from data breaches to financial loss.

Denial-of-Service (DoS) attacks

DoS attacks flood a network with overwhelming traffic, rendering it unavailable to legitimate users. Distributed Denial-of-Service (DDoS) attacks involve multiple compromised computers, making defense even more challenging. The aim is disruption, causing inconvenience or financial loss.

Man-in-the-middle (MitM) attacks

In MitM attacks, hackers intercept conversations between two parties without their knowledge. This allows attackers to eavesdrop, alter, or steal data being exchanged, leading to unauthorized access and potential data breaches.

Five ways to protect your network security 

Safeguarding your network against potential threats is essential, whether you’re a business handling sensitive data or an individual concerned about personal privacy. Implement these strategies to keep your information secure:

Educate your workforce

Your employees are a potential vulnerability in your network security. Investing in cybersecurity training and awareness programs can strengthen your defenses. Encourage reporting of suspicious activities by providing examples of phishing emails and scams. 

Educate your staff about the risks of phishing, social engineering, and the importance of strong password practices. Regular training sessions can empower your team to identify and report potential threats, reducing the likelihood of successful cyberattacks.

Implement strong access controls

Effective access controls limit the exposure of sensitive data to only those who need it. Categorize data based on sensitivity and use role-based access control (RBAC) to assign permissions based on job roles. This ensures that employees can only access the information necessary for their tasks. 

Additionally, conduct regular audits to ensure access permissions are up-to-date and immediately revoke access for employees who no longer need it to prevent access to old accounts.
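As an added example that is not part of the original article, the following Python script models the two steps just described: data classified by sensitivity tier, roles that grant actions up to a tier, and an audit that flags disabled or long-idle accounts for revocation. The tiers, roles, users, and 90-day idle threshold are constructed for illustration.

```python
"""Added example (not from the article): role-based access control keyed on
data sensitivity, plus an access audit that flags accounts to revoke."""
from datetime import date

# Sensitivity tiers, assumed for illustration; a higher number is more sensitive.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Constructed data sets, each labelled with the tier it belongs to.
DATASETS = {
    "marketing-assets": "public",
    "staff-directory": "internal",
    "customer-records": "confidential",
    "payroll": "restricted",
}

# Each role names the highest tier it may touch and the actions it may perform.
ROLES = {
    "staff":   {"max_tier": "internal",     "actions": {"read"}},
    "support": {"max_tier": "confidential", "actions": {"read"}},
    "finance": {"max_tier": "restricted",   "actions": {"read", "write"}},
}

# Hypothetical date on which the audit is run.
AUDIT_DATE = date(2023, 9, 11)


def make_users():
    """Constructed user directory; names and dates are hypothetical."""
    return {
        "alice": {"role": "finance", "active": True,  "last_login": date(2023, 9, 5)},
        "bob":   {"role": "support", "active": True,  "last_login": date(2023, 9, 8)},
        "carol": {"role": "staff",   "active": True,  "last_login": date(2023, 3, 1)},
        "dave":  {"role": "finance", "active": False, "last_login": date(2023, 8, 30)},
    }


def is_allowed(users, user, action, dataset):
    """Deny by default: unknown or disabled users, actions outside the role,
    and data above the role's tier are all refused."""
    entry = users.get(user)
    if entry is None or not entry["active"] or entry["role"] not in ROLES:
        return False
    role = ROLES[entry["role"]]
    if action not in role["actions"]:
        return False
    return SENSITIVITY[DATASETS[dataset]] <= SENSITIVITY[role["max_tier"]]


def audit_access(users, today, stale_days=90):
    """Return (user, reason) pairs for accounts whose access should be revoked:
    disabled accounts that still hold a role, and active accounts that have
    not logged in for more than stale_days."""
    findings = []
    for name, entry in users.items():
        idle = (today - entry["last_login"]).days
        if not entry["active"] and entry["role"] in ROLES:
            findings.append((name, "disabled account still holds role %s" % entry["role"]))
        elif entry["active"] and idle > stale_days:
            findings.append((name, "no login for %d days" % idle))
    return findings


def revoke(users, names):
    """Strip the role and disable the account so is_allowed() refuses it."""
    for name in names:
        users[name]["active"] = False
        users[name]["role"] = None
    return users


if __name__ == "__main__":
    directory = make_users()
    findings = audit_access(directory, AUDIT_DATE)
    for user, reason in findings:
        print("revoke %s: %s" % (user, reason))
    revoke(directory, [user for user, _ in findings])
    print("carol may read staff-directory:",
          is_allowed(directory, "carol", "read", "staff-directory"))
```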

Regularly update and patch systems

Many cyberattacks exploit known vulnerabilities in outdated software. Regularly updating and patching operating systems, software applications, and network devices can reduce the risk of breaches. 

To ensure that your systems are always protected with the latest security fixes, schedule regular software updates and patches and prioritize critical patches to address high-risk vulnerabilities.

Segment your network 

Network segmentation involves dividing your network into smaller segments to contain potential breaches. This means that if one segment is compromised, the damage is limited. For instance, your guest Wi-Fi network should be separated from your main internal network. 

You can prevent unauthorized access to critical resources by regularly monitoring and updating segmentation rules to align with changing requirements, identifying different network zones based on security needs, and implementing firewalls and access controls between network segments.

Monitor network traffic and anomalies

Network monitoring tools analyze network traffic patterns and can identify suspicious behavior, such as unusual data transfer or access attempts. To detect and mitigate potential threats early, set up network monitoring tools to track incoming and outgoing traffic. Also, regularly review logs and analyze anomalies to identify potential security breaches. 
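As an added example that is not part of the original article, the following Python script runs the two checks the paragraph describes, unusual outbound data volume and repeated failed access attempts, over a constructed connection log. The log format, host names, addresses, and thresholds are assumptions chosen for illustration.

```python
"""Added example (not from the article): flag unusual outbound transfer volume
and bursts of failed access attempts in a small, constructed connection log."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

# Constructed sample log lines (not from any real system). Fields:
# timestamp, source host, destination address, bytes sent, auth result.
SAMPLE_LOG = """\
2023-09-11T09:00:01 ws-101 10.0.0.5 1200 OK
2023-09-11T09:00:05 ws-102 10.0.0.5 950 OK
2023-09-11T09:00:09 ws-103 10.0.0.5 1100 OK
2023-09-11T09:00:12 ws-104 203.0.113.9 48000000 OK
2023-09-11T09:00:14 ws-105 10.0.0.5 1300 OK
2023-09-11T09:00:20 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:00:21 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:00:22 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:00:23 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:00:24 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:00:25 ws-106 10.0.0.7 800 FAIL
2023-09-11T09:10:30 ws-107 10.0.0.7 700 FAIL
2023-09-11T09:20:31 ws-107 10.0.0.7 700 FAIL
"""


@dataclass
class Record:
    ts: datetime
    host: str
    dest: str
    bytes_out: int
    result: str


def parse_log(text):
    """Parse the whitespace-separated format above into Record objects."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, nbytes, result = line.split()
        records.append(Record(datetime.fromisoformat(ts), host, dest, int(nbytes), result))
    return records


def outbound_by_host(records):
    """Total bytes sent per source host."""
    totals = defaultdict(int)
    for r in records:
        totals[r.host] += r.bytes_out
    return dict(totals)


def unusual_transfers(records, factor=10):
    """Hosts whose outbound total exceeds `factor` times the median host total.
    The median is a robust baseline: one huge transfer does not drag it upward
    the way a mean would, so the outlier stays visible."""
    totals = outbound_by_host(records)
    baseline = median(totals.values())
    return sorted(h for h, total in totals.items() if total > factor * baseline)


def repeated_failures(records, limit=5, window=timedelta(minutes=5)):
    """Hosts with more than `limit` failed attempts inside any sliding `window`.
    Two failures ten minutes apart (ws-107) are normal; six in five seconds are not."""
    fails = defaultdict(list)
    for r in records:
        if r.result == "FAIL":
            fails[r.host].append(r.ts)
    flagged = []
    for host, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > limit:
                flagged.append(host)
                break
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("unusual outbound volume:", unusual_transfers(recs))
    print("repeated access failures:", repeated_failures(recs))
```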

Enhance your network security

Network security doesn’t have to be an expensive venture. You can improve your security without spending a lot by implementing the tips we have shared above. If you’re looking for a solution that is right for your company, contact us today for more information.

Why you should use high-quality routers in your network


NetworkTigers discusses the importance of high-quality routers in your network.

The kind of router you choose sets the standard for how quickly, efficiently, and safely you can access the internet. When building a network, selecting the best and most up-to-date routers is essential to ensure data security and speed. Your router is responsible for processing, managing, and protecting every device on your network. Ideally, choose high-quality network routers and other components when investing in your network infrastructure. 

Why do I need the best router possible?

High-quality routers can protect your network from data breaches more effectively than outdated ones. Older routers may stop receiving security updates and patches as they are replaced in a company’s lineup. Worst case scenario, an older router may not support WPA3 at all. In July 2020, all wireless access devices were required to support WPA3 to receive certification by the Wi-Fi Alliance. If your routers predate this decision, you may be working with a wireless security protocol that is by definition less secure, putting a target on your back for hackers.

High-quality routers can also increase the range of connected devices, allowing for higher internet usage speeds. If you have been steadily adding connected devices to one network without seriously considering upgrading your overall infrastructure, the time has come to invest in quality routers. 

Why are high-quality routers essential for fast and efficient networks?

The following are some key considerations as you build a reliable network infrastructure.

Your internet plan

When it comes to speed, your ISP sets the limit to how fast you can access data online. Many routers can quickly outpace average ISP download speeds, but you may not get to put them to the test without investing in an enterprise-grade or business plan that doesn’t restrict downloads. Additionally, Mbps (or bandwidth) makes a difference in network responsiveness, as does network latency. While many routers can reach speeds of 1 gigabit per second or faster, the median fixed broadband speed in the United States still lags at close to 192.12 Mbps. While this is still the 7th fastest median internet speed in the world, routers can often move data much faster than many areas can access it.

Still, when choosing a router, experts suggest choosing one that is faster than your internet plan advertises. Doing so ensures you don’t waste the service speeds you’re paying for. Additionally, you’ll be able to maximize capacity when conducting local transfers, like pulling files from one computer to another connected device via your local network. ISP speed doesn’t matter within a localized home or business network, so investing in a fast router can ensure that your internal data transfers can happen as quickly and efficiently as possible. 

Wi-Fi 6 

Choose a router that supports one of the latest wireless protocols, ideally Wi-Fi 6. At the very minimum, your router should be able to meet one of the following standards:

  • Wi-Fi 4: Wi-Fi 4 is quickly becoming outdated, but this standard was the first to let users access both the 2.4 GHz and 5 GHz bands. Wi-Fi 4 (802.11n) supports speeds up to 600 Mbps. 
  • Wi-Fi 5: Wi-Fi 5 supports speeds up to 3.5 Gbps, making it much more efficient than Wi-Fi 4. Wi-Fi 5 (802.11ac) is what the majority of routers today operate on. 
  • Wi-Fi 6: Wi-Fi 6 (802.11ax) is expected to deliver speeds up to a mind-boggling 10 Gbps. While you may not need this level of connectivity yet (and some devices may not support these speeds), staying ahead of the curve can ensure that you don’t need to invest twice in the latest wireless technology. 

Mesh network options

For expanded Wi-Fi access or to combat existing dead zones, you may want to consider a mesh network. Instead of a single router, a mesh system combines various nodes with a main router to create a unified network. Working with mesh Wi-Fi allows you to expand and scale your existing network, depending on your needs. Many mesh network options also allow users more control over data flow. 

Quality of service (QoS)

Speaking of control, QoS is a must for users who want to prioritize specific devices and connections over others. Choosing a router with QoS options can help your network experience feel as smooth and steady as possible. For home networks, QoS can be set to prioritize work computers over kids’ gaming consoles or streaming. For business networks, QoS can prioritize access in executive areas or ensure steady access for tech support or customer service calls. However you configure it, choosing a router with QoS options and beamforming can ensure a stronger signal and better connectivity for the areas and devices that need it most. 

Multi-user, multiple-input, multiple-output (MU-MIMO)

MU-MIMO is a must when building a reliable network infrastructure today. With MU-MIMO, one router can support multiple connections more efficiently, whether wired or wireless. MU-MIMO allows your router to divide bandwidth and apportion it to connected devices all at the same time. MU-MIMO essentially takes what was a single-file line and creates multiple lanes to access the internet. In Wi-Fi 5-enabled devices, the maximum number of lanes is four. With an investment in a Wi-Fi 6 router, however, the number of devices that can be served simultaneously with MU-MIMO doubles to eight. 

Prioritizing quality routers for your network can change how you access the internet and how your home or business stays safe online. With data breaches on the rise and the average cost of a hack hovering in the million-dollar range, choosing the best routers makes your network infrastructure more robust and more secure. It’s the smartest move possible when building an efficient network today.