Russians Hacked 500000 Routers.
Last week, the FBI announced that Russians hacked 500000 routers across the globe. The criminals breached devices made by Cisco, Netgear, TP-Link, Linksys, and perhaps many others. Home users and small offices are the primary users of the breached devices, so the FBI released this public alert.
How did Russian criminals hack so many routers?
Many users install routers without changing the default Admin account and password. While people may think these will work fine, the reality is that most of this info is online. Crooks can easily look up default passwords and use them to break into these devices.
Other people never update their routers or have routers too old to update. Routers like this have many vulnerabilities that hackers can easily use for installing malware. Hackers tend to look for the easy targets, so they often go for systems without basic security.
What can the hackers do with my router?
Compromised routers have two major issues to watch for. The malware first of all spies on the users. It is constantly recording and user names and passwords that people enter when they use the wireless network. This is obviously very bad, as crooks could steal a lot of sensitive information that way.
The other issue is that crooks can command the malware to destroy the router. Essentially, this self destruct function turns a given router into a worthless brick. The router shouldn’t melt or explode, but it will be unusable and next to impossible to repair.
What can we do since Russians hacked 500000 routers?
It will be difficult to tell if crooks hacked your router without a comprehensive Vulnerability Assessment. But there is a quick and easy solution thanks to some work by the FBI.
If the malware infected your router, restarting it should clear much of the infection. The second and third phases of the malware run in the router’s temporary memory, so the reboot should remove it. But to fully clear it off of your router, you will need to perform a factory reset.
Thankfully the FBI seized a primary system that controls this malware, so rebooting should do enough for now. It’s very easy to unplug and plug back in your router, so we highly recommend taking this step at least. If you want to be more certain, resetting the router will clear it.
What happens next?
After you reset your router, make sure to configure it properly and update it regularly. Limit access to the device with a strong password for administration and disable features you don’t plan to use. Most small offices and home users won’t need remote administration on their routers, so settings like these may be wise to disable.
Although yes, Russians hacked 500000 routers this time, it doesn’t have to happen again. You can make sure your business is properly prepared. Checking up on your routers and making sure you update them regularly is key. And if the they can no longer receive updates, it may be time to upgrade.
If you need help checking the status of your router and your overall security, Vulnerability Assessments from Astria are a great solution. We can find problems with router configuration fast so that you can keep your business productive. Contact us today for more information!