Russian Hackers Target Routers in 50 Countries Worldwide
In a day and time when everyone is being super careful not to click on suspicious links, there’s a new threat lurking. Just about every home and office has a router. It’s an inconspicuous piece of equipment that most of us rarely think about. And now, a new alert issued by the FBI says that Russian hackers have targeted routers in 50 countries around the world.
Just last week, the FBI issued a warning stating that a malware botnet known as VPNFilter was responsible for taking over millions of routers worldwide. The affected routers are thought to be primarily consumer-grade routers purchased at Best Buy and other retail and online electronic stores. The authorities also believe that routers provided by internet service providers such as Frontier Communications, Spectrum, and Charter have been affected. Commercial grade routers found in many businesses are also at risk.
Why the router?
Routers are rarely updated. Unlike the operating system on a smartphone or computer, most router manufacturers do not send out regular updates for their products. Last January, a complaint was filed against router manufacturer, D-Link. In the complaint, the FTC said that the manufacturer was leaving their users at risk by not installing adequate security measure. Their failure to do so had left many consumers open to attacks from hackers.
Experts are now saying that there’s no incentive for router manufacturers to release regular updates to their products that could stave off attacks. Up to now, these manufacturers have not been held liable and when there’s no liability, manufacturers will often take cost-saving shortcuts.
How hackers are getting in
Using malware to target the VPNFilter, cybercriminals are able to collect user data. Once the hacker has control of the router, they can use it to eaves drop on consumers. This weakness also allows hackers a doorway to all home computers, TVs, smartphones, or anything connected via the router.
The FBI recently discovered one website that hackers had set up to use in their attack. This website was designed to give instructions to the routers that had been taken over. Though shutting this site down did cut off one avenue of attack, the FBI warned that millions of routers were still infected. This leaves millions of consumers around the world vulnerable and most users will not even realize they’ve been hacked.
Who is responsible for the hacks?
The Justice Department said the hacking group referred to itself as “Sofacy” and that they answered to the Russian government. The hacking group also goes by the names Fancy Bear and APT28 and they have been involved in some very high-profile targets over the last few years. This group was blamed for the hacks carried out during the 2016 presidential campaign that targeted the Democratic National Convention.
Cisco Systems Inc. performed its own investigation and found that the targeted routers include Netgear, Belkin’s Linksys, QNAP, Mikro Tik, and TP-Link. There may be others involved as well and most were purchased by consumers at local electronic stores and online. Cisco shared the results of their investigation with the Ukrainian government and the U.S. The FBI said that they believe some of the affected routers were also provided by internet service companies.
What routers have been infected?
Authorities have put together a list of the known affected routers, but recommend that everyone take the precaution of rebooting the router and changing the password as soon as possible. The known affected routers include:
New types of warfare between Russia and the Ukraine
Russia has long been involved in attacks against the Ukraine and Ukrainian companies due to ongoing hostilities between the two countries. In the past, these attacks have cost millions of dollars and exposed the personal, confidential information of both businesses and individuals. At least one attack was responsible for an electricity blackout in the Ukraine.
The Ukrainian government recently stated that the Russian government was planning a cyber-attack against some privately held companies, along with Ukrainian state bodies. They believe these attacks were meant to disrupt the Champions League soccer finals which were being held in Kyiv.
What to do next
Experts are recommending that everyone using a router shut it down and reboot it. They also recommend disabling remote manager settings. If at all possible, upgrade the router to the latest firmware and change your password.
Managed IT providers are recommending many commercial grade firewalls and routers for business owners who have quite a bit more to lose than the average consumer. They have stated that commercial grade firewalls and routers offer powerful firewall technologies and some offer wireless access point that offers stronger protection for the home or office.
Consumer-grade routers used by the average individual are most at risk. Businesses who have remote employees working from home often forget that these workers present a weak area that hackers can take advantage of. Most individuals have never upgraded their router’s firmware or changed the original password that came with the router. IT experts believe that hackers will eventually exploit all weaknesses like this.
An ongoing risk
The FBI warned, “The size and scope of the infrastructure by VPNFilter malware is significant.”
Their experts said that hackers could render the routers affected completely inoperable if they wanted to, but that wasn’t their primary goal. Instead, they were planning to steal data off the computers, phones, and other connected devices by taking over the routers that controlled internet access. The FBI stated that the malware would be very hard to detect even by professionals because of encryption and other tactics used by the hacking group.
In addition to rebooting routers and changing passwords experts recommend contacting your internet service provider for possible firmware updates or other guidance.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.