Routers Under Attack from Russian Hackers through Default Passwords

One common element of all networks is the router. These devices weren't always used in household networks, but they soon became commonplace in home networks. Because they are so common, hackers have gone after home routers with numerous different attacks. Some attacks make routers part of a botnet. Others sniff data from the network owner's traffic. Others crash routers just for fun and shenanigans, and even more attackers use them to watch traffic. Russian cyber attackers have found a new bug in router firmware. Even the FBI is urging people to reboot their routers to avoid being the next victim of malware named VPNFilter. Default password risks are among the worst: change passwords as soon as you get a device.

Router Malware and Default Password Risks

Attackers rely on two main mistakes made by users. Routers are critical network components, so they are part of almost any network. They used to be found only in enterprise networks, but manufacturers then made home versions that are affordable compared with years ago, when owning a router at home cost hundreds of dollars.

Users often leave the default password in place, which is why many attackers are able to gain access to routers. When remote access is also enabled, attackers can connect remotely to any router, whether it's a home router or a highly advanced one used to protect enterprise networks.

When a user leaves the default password active and then enables remote access, just about anyone can access it as long as the person has the incoming IP address. The difficulty with router defense is that an attacker can gain access to the router hardware completely silently without the user having any clue that the router is compromised.

The first thing all users should do is change their password. It's not easy for users to understand that their password should change. Plenty of users can read material where router experts say to change the SSID password as soon as you set up the router. But not many remind users to change the admin password when they connect it to the network. This is where default password risks come into play.
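
The combination described above (default admin password plus remote access, even when the Wi-Fi password has been changed) can be checked offline across a list of devices. The following is an added example, not code from the original article; the field names, vendor labels, sample default passwords and inventory are all constructed assumptions.

```python
# Added example: offline audit of router settings records (constructed data).
# All field names and the sample defaults below are assumptions for illustration.

# Constructed sample of factory-default admin passwords, keyed by a vendor label.
FACTORY_DEFAULTS = {"vendor-a": {"admin", "password"}, "vendor-b": {"1234", ""}}

SEVERITY_ORDER = ["critical", "high", "medium", "ok"]

def audit_router(router):
    """Return (severity, findings) for one router settings record."""
    defaults = FACTORY_DEFAULTS.get(router["vendor"], set())
    default_admin = router["admin_password"] in defaults
    remote = router["remote_admin"]
    findings = []
    if default_admin:
        findings.append("admin password is still the factory default")
        # Changing only the Wi-Fi passphrase leaves the admin interface exposed.
        if router["wifi_passphrase_changed"]:
            findings.append("Wi-Fi passphrase changed, admin password not")
    if remote:
        findings.append("remote administration is enabled")
    if default_admin and remote:
        severity = "critical"   # both mistakes together: reachable and guessable
    elif default_admin:
        severity = "high"
    elif remote:
        severity = "medium"
    else:
        severity = "ok"
    return severity, findings

def audit_inventory(routers):
    """Audit every record and return (name, severity, findings), worst first."""
    results = [(r["name"], *audit_router(r)) for r in routers]
    return sorted(results, key=lambda row: SEVERITY_ORDER.index(row[1]))

# Constructed inventory; not taken from any real device.
INVENTORY = [
    {"name": "office-gw", "vendor": "vendor-a", "admin_password": "T7!rk-example",
     "wifi_passphrase_changed": True, "remote_admin": True},
    {"name": "home-router", "vendor": "vendor-a", "admin_password": "admin",
     "wifi_passphrase_changed": True, "remote_admin": True},
    {"name": "lab-ap", "vendor": "vendor-b", "admin_password": "1234",
     "wifi_passphrase_changed": False, "remote_admin": False},
]

if __name__ == "__main__":
    for name, severity, findings in audit_inventory(INVENTORY):
        print(f"{name}: {severity}: {'; '.join(findings) or 'no findings'}")
```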

The Latest Attack Named VPNFilter

According to the latest Ars Technica article, the NSA and the FBI have been aware of VPNFilter for a while and have been trying to track its origin and its main purpose for attackers. At first, these government agencies thought the attacks came from regular attackers looking for profit, such as building a botnet to bring down specific websites or building a way to infect other networks with their malware. However, the FBI has released its latest warning to say that it believes Russian hackers are involved with the attack. The cyber attackers have compromised about 500,000 router devices of common brands such as Linksys and Netgear.

Users are urged to reboot their routers. By doing so they neutralize and remove the second and third phases of the malware. These are the phases that read and steal data and send it to the attackers. Rebooting does not stop phase one, which is used to initialize infection. However, by rebooting you stop the most important components of the malware from going further than the initial infection.

Currently, the malware is only intended to infect neighboring routers. Investigators are looking into what other reasons an attacker would have to infect routers. But mainly it seems like the intention is to steal data and infect other routers.

Router infections through default password risks are serious. To protect your network from insider threats, check out GateKeeper for more information.