Small businesses rely on routers to keep themselves and their customers connected. But this relationship could now be at risk due to the ZuoRAT malware.

For online communication to work, data needs to move from one computer network to another. And this is exactly what a router does. By directing traffic across the internet, a router can be used to deliver emails, transfer files and stream videos between PCs. Without a router, you simply won’t be able to send or receive data. So, as you can see, they’re an essential part of any small organization’s IT network. Unfortunately, this is the type of IT necessity which hackers love to interfere with. And the ZuoRAT malware does this with a disturbingly sophisticated ease.

The Lowdown on ZuoRAT

ZuoRAT is a strain of malware which takes advantage of vulnerabilities in routers produced by the popular manufacturers Cisco, Netgear, DrayTek and Asus. By exploiting these vulnerabilities, ZuoRAT can access local area networks (LAN) and harvest network traffic from the infected devices. This information is then transmitted to a remote ‘command and control’ server, so, for example, any login credentials which pass through your router will be transmitted to the hacker’s server.

However, ZuoRAT doesn’t stop at hijacking LAN traffic; it downloads additional malware in the form of two further remote access trojans (RATs). These RATs are used to infect devices connected to the network and spread the infection even further. This could, in theory, lead to the infected network being converted into a botnet or, worse still, allow ransomware to spread across the network.

Although ZuoRAT is relatively new, it has been active in the digital wild since April 2020, and this has given it plenty of time to exploit a wide range of routers. It’s also important to point out that ZuoRAT made its debut at the start of the Covid-19 pandemic. Given that it targets SOHO (small office/home office) routers, ZuoRAT was perfectly placed to attack employees who were working at home with limited IT support. As a result, it has been presented with an opportunity to steal sensitive data with relative ease.

Protecting Your Network from ZuoRAT

Because of the way it was designed (a custom build for the MIPS architecture), ZuoRAT is not detected by conventional anti-malware software. Therefore, if you own a router made by one of the affected manufacturers, it’s crucial that you keep its firmware up to date and fully patched. As ever, monitoring network traffic is a smart move, as this will allow you to flag any suspicious activity.

Final Thoughts

Threats such as ZuoRAT present numerous problems to organizations, most notably because of their multi-pronged attack strategy and stealthy nature. However, ZuoRAT is also a perfect example of why you need to manage updates to your IT equipment. Implementing an update strategy which takes advantage of automated processes has never been more important.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Routers and Internet of Things (IoT) devices are essential when it comes to modern business. But this has made them a target for the BotenaGo malware.

Wireless technology is in place in almost every business in the world. The presence of routers allows PCs to connect to the internet and enhance their capabilities. IoT devices, meanwhile, bring wireless functionality to businesses, such as wireless access to printers and data storage. Both routers and IoT devices, therefore, present an enticing opportunity to hackers. Compromising just one of these devices grants backdoor access to IT infrastructures. And this is where they can really cause your organization some damage.

BotenaGo is an innovative new strain of malware which has routers and IoT devices in its sights, so it’s crucial that you learn a little more about it.

What is BotenaGo?

The BotenaGo malware is difficult to detect, but it appears that it’s hiding in plain sight. BotenaGo is written in Google’s popular Golang programming language, which has become steadily more popular with hackers. Golang allows programmers to use the same code across different systems, which saves significant time when coding. Malware such as BotenaGo, coded in Golang, can therefore spread across multiple operating systems with the same code.

BotenaGo is programmed to identify 30 different vulnerabilities, and this is why so many routers and IoT devices are at risk. The malware starts by scanning the internet for vulnerable devices and then activates the available exploits. BotenaGo’s next step is to create a backdoor on each infected device, which is typically opened on ports 31421 and 19412. This allows the hackers to take control of the device. Further malware and DDoS attacks can then be launched using the victim’s internet connection.
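The two backdoor ports named above are the kind of concrete detail a network monitor can watch for, and the same log-watching approach is the “monitoring network traffic” advice given for ZuoRAT in the post above. The following script is an added example, not code from the original post or from any vendor: it reads iptables-style firewall log lines (the lines below are constructed samples) and reports any connection attempt towards a LAN device on port 31421 or 19412, grouped by the internal host that was contacted.

```python
"""Flag connection attempts to the BotenaGo backdoor ports in firewall log lines.

Added example for illustration; the sample log lines are constructed, the
port numbers are the two named in the article. The parser understands the
"KEY=value" fields written by the Linux iptables LOG target.
"""
import re
from dataclasses import dataclass

# Ports the article says BotenaGo opens its backdoor on.
BACKDOOR_PORTS = {31421, 19412}

# iptables LOG lines look like:
#   ... IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.20 ... PROTO=TCP SPT=51234 DPT=31421 ...
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")


@dataclass(frozen=True)
class Finding:
    src: str      # external address that made the attempt
    dst: str      # internal device that was contacted
    proto: str
    port: int     # destination port that matched
    line: str     # the raw log line, kept for the incident record


def parse_fields(line: str) -> dict:
    """Extract the SRC/DST/PROTO/SPT/DPT fields from one log line."""
    return dict(FIELD_RE.findall(line))


def find_backdoor_traffic(lines):
    """Return a Finding for every line whose destination port is a backdoor port.

    Lines without a parseable DPT field (non-firewall messages, truncated
    lines) are skipped rather than treated as matches.
    """
    findings = []
    for line in lines:
        fields = parse_fields(line)
        try:
            dpt = int(fields["DPT"])
        except (KeyError, ValueError):
            continue
        if dpt in BACKDOOR_PORTS:
            findings.append(Finding(fields.get("SRC", "?"), fields.get("DST", "?"),
                                    fields.get("PROTO", "?"), dpt, line))
    return findings


def hosts_contacted(findings):
    """Map each internal host to the set of backdoor ports it was contacted on.

    A host that appears here is a candidate for isolation and firmware
    re-flash; two ports on the same host is a stronger signal than one.
    """
    hosts = {}
    for f in findings:
        hosts.setdefault(f.dst, set()).add(f.port)
    return hosts


# Constructed sample log (not real traffic). Addresses use documentation ranges.
SAMPLE_LOG = [
    "Jun 12 10:01:02 gw kernel: [FW-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.20 LEN=60 PROTO=TCP SPT=51234 DPT=31421 SYN",
    "Jun 12 10:01:05 gw kernel: [FW-OUT] IN= OUT=eth0 SRC=192.168.1.31 DST=93.184.216.34 LEN=52 PROTO=TCP SPT=44122 DPT=443 ACK",
    "Jun 12 10:01:09 gw kernel: [FW-IN] IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.44 LEN=48 PROTO=UDP SPT=31421 DPT=19412",
    "Jun 12 10:01:11 gw kernel: [FW-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.20 LEN=60 PROTO=TCP SPT=51235 DPT=19412 SYN",
    "Jun 12 10:01:12 gw dhcpd: DHCPACK on 192.168.1.77 to aa:bb:cc:dd:ee:ff",
]

if __name__ == "__main__":
    hits = find_backdoor_traffic(SAMPLE_LOG)
    for host, ports in sorted(hosts_contacted(hits).items()):
        print(f"{host}: contacted on backdoor port(s) {sorted(ports)}")
    for h in hits:
        print(f"  {h.proto} {h.src} -> {h.dst}:{h.port}")
```

Note that the check keys on the destination port alone and does not filter by protocol, since the post does not say which transport the backdoor uses; the protocol is carried in each finding so an analyst can see it. A hit on a port that nothing on your network legitimately listens on is worth an alert even when the firewall dropped the packet: it shows someone is probing for this specific backdoor.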

How to Stay Safe

Malware which uses malicious links and attachments is easy to combat, as it requires a user to open the payload. The techniques used by BotenaGo, however, rely on system vulnerabilities that the average PC user will be unable to identify. Furthermore, current anti-virus software seems unable to detect BotenaGo. But there are ways you can protect yourself:

A business router can help support your entire workforce and customer base, so keeping it secure is crucial. But how do you make sure it’s extra safe?

Small to medium businesses need computer networks to stay connected. They can be used to share resources, engage with customers and store valuable data. And a business router represents one of the simplest and most effective ways to achieve this. But the benefits associated with routers are also highly attractive to hackers. Therefore, keeping ahead of these hackers and securing your router should be a paramount concern.

The good news is that protecting your router isn’t rocket science. And, to help you get started, we’re going to show you the best security settings for a business router.

The Best Settings for Staying Secure

There are many ways to secure your router with some being simple and some being considerably more complex. Thankfully, to protect you from any technical headaches, we’re going to look at the simplest, but most effective settings:

  • Use Unique Passwords: Most routers come with a default password, and this poses a major security risk to your router. If an external party discovers the model of router your organization is using, then they are one step closer to cracking your password. But it doesn’t have to be this dangerous. Instead, you can set a unique password which is close to impossible to crack.
  • Change Your Network Name: It’s common for routers to use a default network name such as NetgearWiFi and, while this may seem of little significance, it’s yet another way in which hackers can gather details about your router. So, for example, if a vulnerability emerges that affects Netgear routers, then a hacker would know how to strike your router. To reduce this risk, you should change your network name to something that contains no identifying data.
  • Analyze Event Logs: By switching on the ‘event logging’ feature within your router, you can start analyzing any changes that are made to your router. Logs are routinely saved and will highlight any unusual configuration changes or activity going through your router. And, with this data to hand, you can get a clearer idea of whether any unauthorized access to your router has taken place.
  • Limit Access: There are going to be very few people who need to access your business router. After all, the majority of your staff will be able to complete their daily IT tasks without needing access. And the fewer people that have access, the better. The only people who need direct access should be your in-house IT team, so make sure that your router is correctly configured to facilitate this.
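The four settings above can be checked rather than just remembered. The script below is an added example, not code from the original post and not any router vendor’s tool: it audits a router’s administrative settings against each of the four points. The configuration is a constructed Python dict standing in for whatever your router exports (the key names `admin_password`, `ssid`, `event_logging`, `remote_admin` and `admin_allowed_from` are assumptions for the example), and the list of factory-default passwords is likewise a constructed sample.

```python
"""Audit a SOHO router's admin settings against four hardening checks:
unique password, non-identifying network name, event logging on, and
restricted admin access.

Added example, not a vendor tool. The config dict format and the default
password list are constructed for illustration; adapt them to the export
format of the router you actually run.
"""
import ipaddress

# Vendor names that would reveal the router model from its SSID.
VENDOR_WORDS = ("netgear", "cisco", "draytek", "asus")
# A small constructed sample of factory-default credentials.
DEFAULT_PASSWORDS = {"", "admin", "password", "1234", "12345678"}
MIN_PASSWORD_LEN = 14


def check_password(cfg):
    """Flag a factory-default or short admin password."""
    pw = cfg.get("admin_password", "")
    if pw.lower() in DEFAULT_PASSWORDS:
        return "admin password is a factory default"
    if len(pw) < MIN_PASSWORD_LEN:
        return f"admin password is shorter than {MIN_PASSWORD_LEN} characters"
    return None


def check_ssid(cfg):
    """Flag a network name that identifies the router vendor."""
    ssid = cfg.get("ssid", "").lower()
    hits = [v for v in VENDOR_WORDS if v in ssid]
    return f"SSID reveals the router vendor ({', '.join(hits)})" if hits else None


def check_logging(cfg):
    """Flag event logging being switched off."""
    return None if cfg.get("event_logging", False) else "event logging is switched off"


def check_admin_access(cfg):
    """Flag admin access from the WAN, from anywhere, or from a broad range.

    Access should be limited to the IT team's own subnet; anything wider than
    a /24 is treated here as 'the whole LAN'.
    """
    problems = []
    if cfg.get("remote_admin", False):
        problems.append("administration is reachable from the WAN")
    allowed = cfg.get("admin_allowed_from", [])
    if not allowed:
        problems.append("no source restriction on the admin interface")
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen < 24:
            problems.append(f"admin access allowed from the broad range {cidr}")
    return "; ".join(problems) or None


CHECKS = [
    ("unique_password", check_password),
    ("network_name", check_ssid),
    ("event_logs", check_logging),
    ("limit_access", check_admin_access),
]


def audit(cfg):
    """Return (check_name, message) for every check the configuration fails."""
    return [(name, msg) for name, fn in CHECKS if (msg := fn(cfg))]


# Constructed sample configs: one straight out of the box, one hardened.
WEAK_CONFIG = {
    "admin_password": "admin",
    "ssid": "NETGEAR-Office",
    "event_logging": False,
    "remote_admin": True,
    "admin_allowed_from": ["0.0.0.0/0"],
}
HARDENED_CONFIG = {
    "admin_password": "correct-horse-battery-staple-42",
    "ssid": "Office-5G",
    "event_logging": True,
    "remote_admin": False,
    "admin_allowed_from": ["192.168.50.0/28"],  # the IT team's subnet only
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit(cfg)
        print(f"{label}: {len(findings)} finding(s)")
        for name, msg in findings:
            print(f"  [{name}] {msg}")
```

Each check returns either `None` or a short message, so the audit output reads directly as a to-do list for whoever administers the router; rerunning it after a firmware update is a cheap way to confirm that an update did not quietly reset a setting to its default.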

Final Thoughts

There are a number of ways that you can protect your business router and, as you can see, they are simple, but effective techniques. Even the smallest level of protection is enough to deter hackers, so if you can implement these methods then you should find that your router is safer than ever.

Malware is generally viewed as a nasty virus which causes nothing but chaos. However, a new piece of malware called Linux.Wifatch seems to improve security.

Usually the preserve of security breaches and data privacy concerns, malware is mostly in the news for disrupting commercial and domestic PC activity. Naturally, it’s an area where everyone needs to be on their guard to protect their data.

However, what if there were a new type of malware which bucked the trend and actually protected you from other forms of malware? It would be pretty special, right? And, it looks like it’s already here in the form of Linux.Wifatch, so let’s take a look at exactly how it works.

How Has Linux.Wifatch Found a Niche?

Internet routers are wonderful little devices, but the majority of users are notoriously sloppy when it comes to safeguarding them. You see, people are eager to get the router out of the box and connected to the net as soon as possible, so they don’t even consider adjusting the default password or admin settings.

And it’s this neglect towards security that has allowed hackers easy access to countless networks in the past. In fact, November 2014 saw a huge security breach in Vietnam where millions of broadband routers had their traffic hijacked to mask online cyber crime being carried out by hackers.

Linux.Wifatch, however, looks to be a unique remedy to this potential threat.

What is Linux.Wifatch?

Linux.Wifatch is an intriguing piece of code which – as per most malware – sneaks into your system in a rather underhand manner. In the case of Linux.Wifatch it’s believed that it breaches your router by way of the telnet protocol – this software helps test connections to servers.

However, once it’s made its way into your router, it does the decent thing and closes the connection it came in through, to prevent any more malware sneaking in. Not content with closing the doors, Linux.Wifatch will then prompt the router administrator to change the router password. And its final chivalrous act is to set off in search of other malware in the router to destroy.

Is Linux.Wifatch All Good?

It may sound like a friendly virus, but don’t forget that Linux.Wifatch is still malware and the ‘mal’ stands for malicious! Sure, it provides some protection to your router, but it simply shouldn’t be there in the first place.

And Linux.Wifatch itself actually has a number of backdoors built into it to allow the author of the virus to use your router as they please.

With the virus spreading globally and affecting tens of thousands of users, it’s creating a lot of panic that this seemingly ‘white hat’ piece of software could suddenly turn nasty. So, in my opinion, the uncertainty surrounding Linux.Wifatch means a much better solution is to take your router security seriously from day one to prevent any security breaches.
