You may unknowingly be part of a Russian hacking campaign.
No, I’m not talking about election tampering; this is a different, but ongoing, tactic. Hackers are targeting routers and firewalls of all types, including those used in homes and small businesses. The U.S. Computer Emergency Readiness Team (US-CERT) released an unusual joint warning with the U.K.’s National Cyber Security Centre to announce this risk.
Russians and Routers: What’s Happening
Since 2015, Russians have been targeting network infrastructure devices that use outdated and unencrypted protocols, are misconfigured, or are so old they no longer receive security patches. Once they find these weak devices, the hackers gain access to critical data such as login credentials, and to other vulnerable devices that connect to the network.
Theft of sensitive information and intellectual property is only one of the goals here. Because the actor is Russia, espionage and nation-state attacks are also a concern.
“The compromised routers are only part of the attack and eventual impact,” said David Ginsburg, vice president of Marketing at Cavirin. “Look at both Mirai and Reaper, where the ultimate goal was a DDoS attack against other assets, most notably the Dyn attack that took down many internet properties in the U.S. and Europe. This type of attack, against servers or the internet infrastructure itself, is the most probable scenario, with the routers managed as a botnet against corporate or government assets.”
Taking Advantage of Our Own Failures
This particular hacking campaign doesn’t rely on a sophisticated attack vector, cutting-edge techniques or much ingenuity at all. The attackers aren’t using a stockpile of zero-day vulnerabilities that no one has previously discovered. Rather, we are opening the door and giving them free access to our routers through our own bad habits. As Nathan Wenzler, chief security strategist at AsTech, explained, they are simply taking advantage of the poor effort we all make to ensure that the devices we attach to the internet are configured well and secured.
“This is something the security community has been talking about for many years, but from a cultural standpoint, we simply don’t care enough to secure these devices properly and prevent these kinds of attacks from happening,” Wenzler stated.
The neglect of network device security is a multi-tiered problem. Manufacturers have little incentive to build security into routers and firewalls. The responsibility for setting up security is left to the user, and most users don’t know how to get into their router and configure it properly. The device comes with a default password, and we never change it. We ignore or forget to download the firmware updates that include patches. And network devices, especially in the home or small business, are forgotten until they stop working or network services are being upgraded. Unlike smartphones, where getting the latest and greatest model is a high priority, routers are rarely replaced.
“We’ve been setting ourselves up for an attack like this for a long time,” said Wenzler, “and now we’re starting to see the cusp of what this problem will look like.”
Have I Been Hacked?
Unfortunately, most of us won’t know whether our routers were compromised. Because the hackers aren’t taking advantage of a real exploit, everything will likely appear normal.
It is time, however, to step up security practices to better protect your router and the assets that connect to it. If you own your router, make sure that the firmware is up to date. (If you rent your router from your internet service provider, updates should be handled by the provider.) If you still use the default password that came with the device, change it now to something unique. You may want to change the device name as well, so that the router model, and therefore its default password, is harder to identify. You don’t want an outsider to log in and configure the device any way they want.
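The checks above (stale or unsupported firmware, a factory-default password, a device name that gives away the model, and cleartext management protocols) can be expressed as a small self-audit. The following is an added example, not part of the original article or the alert; the RouterConfig fields, the protocol list and the sample router are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set

# Management protocols that carry credentials or configuration in the clear
# (assumed list for this audit), mapped to their encrypted replacements.
CLEARTEXT_PROTOCOLS = {"telnet": "ssh", "http": "https",
                       "snmpv1": "snmpv3", "snmpv2c": "snmpv3"}

@dataclass
class RouterConfig:
    """Hypothetical snapshot of a home/SMB router's settings."""
    model: str
    firmware_version: str
    latest_firmware: str              # current vendor release
    end_of_support: Optional[date]    # None while the vendor still patches it
    admin_password: str
    factory_default_password: str
    device_name: str
    enabled_services: Set[str] = field(default_factory=set)
    wan_management: bool = False      # admin interface reachable from the internet

def audit(cfg: RouterConfig, today: date) -> List[str]:
    """Return one finding per weakness the alert describes; empty means hardened."""
    findings = []
    for svc in sorted(cfg.enabled_services):
        if svc in CLEARTEXT_PROTOCOLS:
            findings.append(f"unencrypted management service '{svc}' enabled; "
                            f"use {CLEARTEXT_PROTOCOLS[svc]} instead")
    if cfg.admin_password == cfg.factory_default_password:
        findings.append("admin password is still the factory default")
    if cfg.firmware_version != cfg.latest_firmware:
        findings.append(f"firmware {cfg.firmware_version} is behind vendor "
                        f"release {cfg.latest_firmware}")
    if cfg.end_of_support is not None and cfg.end_of_support < today:
        findings.append(f"device unsupported since {cfg.end_of_support}; "
                        "it will never receive another patch")
    if cfg.model.lower() in cfg.device_name.lower():
        findings.append("device name reveals the model, which points at its default password")
    if cfg.wan_management:
        findings.append("management interface is exposed on the WAN side")
    return findings

# Constructed sample: a neglected router of the kind the alert targets.
SAMPLE = RouterConfig(
    model="HomeRouter X1", firmware_version="1.0.2", latest_firmware="1.0.5",
    end_of_support=date(2017, 6, 30), admin_password="admin",
    factory_default_password="admin", device_name="HomeRouter X1",
    enabled_services={"telnet", "http", "ssh"}, wan_management=True,
)

def sample_findings() -> List[str]:
    return audit(SAMPLE, date(2018, 4, 20))

if __name__ == "__main__":
    for line in sample_findings():
        print("-", line)
```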
“What we need more than anything else is for the consumer base to start making secure devices a priority and demanding that manufacturers release their products in a secure-by-default configuration,” said Wenzler. “Until we change the fundamentals of how we connect to the internet, we will continue to be at risk from the kinds of dangers represented by this official alert.”