The FBI has warned that outdated routers are being hijacked by cybercriminals to hide illegal activity and build massive, untraceable proxy networks.

The FBI has recently issued a security alert which is of interest to anyone who logs onto the internet on a daily basis. The alert centers upon outdated internet routers which are being targeted by cybercriminals. The routers at the heart of this attack all have one thing in common: they’re no longer supported by their manufacturers. These vulnerable devices, therefore, are perfect for the attackers to exploit and turn into tools for cybercrime. As the threat actors are combining these compromised routers into huge proxy networks, identifying the perpetrators behind the attack is fiendishly difficult.

How Have the Routers Become Compromised?

The attack relies on a strain of malware called “TheMoon,” which is used to infect end-of-life (EoL) routers. An EoL device is one which no longer receives any firmware or security updates from its developer, typically as the device is of a certain age and has been superseded by more modern devices. This EoL status makes these devices a major security risk as there’s no protection against newly discovered vulnerabilities. Once compromised, these routers become part of a network of proxies used by the attackers to shield their identities when committing crimes online.

Routers at risk of this attack include EoL routers from popular brands such as Linksys, Cisco, and Cradlepoint. Once the attacker gains access to the router, they have all the time in the world to install the malware, which connects the router to a command-and-control server. The router can then be used to recruit other compromised devices and re-route malicious internet traffic. In particular, these proxies have been observed to be involved in cryptocurrency theft, Malware-as-a-Service activities and general data theft. And, due to the stealthy nature of the attack, the victim will have no idea what’s taking place.

The infected routers are also being sold as part of proxy-for-hire services like 5Socks and Online Proxy. These are underground networks where hackers can purchase access to compromised routers, allowing them to disguise their malicious tracks by appearing to connect from genuine and trusted IP addresses. This innovative approach helps hide the hackers’ true origin from any law enforcement investigations and, instead, appears to incriminate innocent homes and businesses.

The FBI has also revealed that some of the compromised routers appear to have been used by Chinese-sponsored hackers to attack major US infrastructures, indicating a professional operation designed to create maximum damage.

How Do You Keep Your Router Safe?

This latest attack may be stealthy, but there are often telltale signs that your router has been compromised. Slower internet speeds, for example, are a common side-effect caused by the lack of resources available for genuine tasks. The increased activity can also lead to overheating. Other signs include the appearance of new administrator accounts and unusual internet traffic patterns.

In order to maintain the security of your router, make sure you follow these steps:

  1. Upgrade Your Hardware: If your router is no longer supported by the manufacturer with security updates, you have no alternative but to replace it. This is the single most effective way to block attacks of this nature and failing to do so will instantly increase the chances of your defenses being breached.
  2. Change Default Passwords: Routers are well known for being shipped with default passwords, which represents a major security risk. Accordingly, it’s vital that you always change default usernames and passwords before any routers are made active on your network.
  3. Monitor Your Network: Install firewalls, intrusion detection systems, and network monitoring tools to record and identify any abnormal traffic patterns or device behavior. The earlier these are detected, the quicker you can limit the impact of the breach.
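
One way to look for the "unusual internet traffic patterns" mentioned above, as an added example that is not part of the original article: compare flows recorded on the LAN side of the router with flows recorded on its WAN side, and flag WAN traffic that no LAN device requested. The addresses, record format, allow-list and time window are constructed assumptions, and the check assumes no port forwarding is configured on the router.

```python
# Added example: find WAN-side flows that no LAN client asked for.
# All IPs, the record layout and the allow-list are constructed assumptions.
from collections import defaultdict

ROUTER_WAN_IP = "203.0.113.10"
# Destinations the router itself may legitimately contact (DNS, NTP): assumed.
ROUTER_ALLOWED = {("198.51.100.53", 53), ("198.51.100.123", 123)}
WINDOW = 2.0  # seconds a WAN flow may lag behind its LAN counterpart

# Constructed flow records (initiator -> responder): "timestamp src dst dst_port"
LAN_FLOWS = """\
10.0 192.168.1.20 192.0.2.80 443
11.0 192.168.1.21 192.0.2.81 443
"""
WAN_FLOWS = """\
10.1 203.0.113.10 192.0.2.80 443
11.2 203.0.113.10 192.0.2.81 443
12.0 203.0.113.10 198.51.100.53 53
13.0 198.51.100.200 203.0.113.10 8080
13.1 203.0.113.10 192.0.2.99 25
14.0 203.0.113.10 192.0.2.80 443
"""

def parse(text):
    """Yield (timestamp, src, dst, dst_port) tuples from a capture."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield float(ts), src, dst, int(port)

def unexplained_wan_flows(lan_text, wan_text):
    """Return WAN flows that terminate on, or originate from, the router."""
    lan_seen = defaultdict(list)  # (dst, port) -> times a LAN client asked
    for ts, _src, dst, port in parse(lan_text):
        lan_seen[(dst, port)].append(ts)
    findings = []
    for ts, src, dst, port in parse(wan_text):
        if dst == ROUTER_WAN_IP:
            # Nothing should connect in from the internet without a port forward.
            findings.append(("inbound-to-router", src, port))
        elif src == ROUTER_WAN_IP and (dst, port) not in ROUTER_ALLOWED:
            # After NAT every flow carries the router's IP, so pair it with a LAN flow.
            if not any(0 <= ts - t <= WINDOW for t in lan_seen[(dst, port)]):
                findings.append(("router-originated", dst, port))
    return findings

if __name__ == "__main__":
    for finding in unexplained_wan_flows(LAN_FLOWS, WAN_FLOWS):
        print(finding)
```

A finding is a prompt to investigate, not proof of compromise: long-lived connections and services running on the router itself will also appear until they are added to the allow-list.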

For more ways to secure and optimize your business technology, contact your local IT professionals.
