
Routers Under Attack: Current Security Flaws and How to Fix Them

  • Posted on: January 31, 2017 at 5:00 am
  • Posted in: Internet of Things
  • Author: Trend Micro Forward-Looking Threat Research Team

How is it possible for users to lose hundreds of dollars in anomalous online bank transfers when all of their gadgets have security software installed?

Last year, user Y, who is based in Brazil, lost R$600 (US$191.02, as of January 30, 2017) as a side effect of information theft. Upon discovering this, Y immediately called an IT technician to find the root cause. The technician originally chalked up the incident to Y accessing a fake website. But since no malware was found on the devices connected to the network, he then reviewed the home router settings. What he found was interesting: even though the home router did not expose any remote management interface to the internet, its DNS settings had still been modified. As a solution, the IT technician reset and reconfigured the home router to stop the cybercriminals from making further bank transfers.

In another case, user X noticed in January 2016 that R$3,000 (US$955.11, as of January 30, 2017) had been deducted from her account. Her home router had also been infected with DNS-changing malware. But instead of bank websites, the cybercriminals redirected her to spoofed pages of third-party sites used by banks, such as Google Adsense™ and JQuery.

Routers often have insecure configurations that make them susceptible to malware attacks like the real-world cases presented above. For one, security flaws exist in the operating system, firmware, and web applications of routers. Attackers can use these vulnerabilities as entry points to further compromise the home network. In fact, there are tools and websites that cybercriminals use to find vulnerable routers and obtain exploits for their attacks. Below is an example of such a website:

Figure 1. A trading website that displays a list of home router exploits

Predefined credentials in routers make it easy for web-based scripts to bypass device authentication mechanisms and allow cybercriminals to perform brute-force attacks. Web-based scripts are an effective tactic for infiltrating routers. Another security gap is the remote administration features in router firmware, which cybercriminals can abuse as “built-in backdoors.” This can lead to a plethora of problems: remote code execution, modified router settings that redirect users to phishing or malicious pages, and man-in-the-middle attacks, among others. Vendors should make it a point to find and remove these backdoors in their products before attackers do.


Are home routers safe?

It’s easy to overlook router security in a home setting since most home router attacks are isolated cases or have minimal effect on a user’s bandwidth. Unless a user experiences attacks like the ones mentioned above, router security is the least of their concerns. This can be a problematic mindset moving forward. What home users need to understand is that home routers serve as the gateway in and out of their home. All the information coming from the internet has to pass through it. Routers are their private property, and any form of compromise is a form of trespassing. Some router threats that take advantage of the router’s communications with connected devices can even make home users unwitting accomplices to cybercriminal activities.

Case in point, the Mirai botnet took advantage of insecure IoT devices for different attacks last year. When the source code was leaked on a hacking forum, we saw new Mirai strains in the wild. Affected entities like small and medium-sized businesses (SMBs) may have to deal with business disruption, damaged reputation, or even productivity and profit loss.

Figure 2. Top countries affected by Mirai (August 2016 to December 2016)

Mirai uses a predefined list of default credentials to infect devices. Knowing this, it is essential for home users to change their router passwords. This measure provides an additional layer of security. As we mentioned in our 2017 Security Predictions, Mirai-like threats are likely to be used in more distributed denial-of-service (DDoS) attacks this year, so it’s necessary to take precautions.

Apart from botnet clients, other threats like rootkits that specifically infect Linux can also be dangerous to routers. Voice over IP (VoIP) fraud, which taps the telephony service in routers, can result in additional charges on a user’s phone or internet bill.

How can home users protect their routers?

The first step in protecting home routers is choosing reliable ones. Some routers, such as those from ASUS, now ship with built-in security features. Trend Micro recently partnered with the brand to address home network security risks. ASUS routers come with features like deep packet inspection and web threat protection that filter threats before they reach users’ devices.

Aside from selecting a secure router, users should also change the default router password to thwart brute-force attacks. Regularly checking the router’s DNS settings can also help users and SMBs spot anything suspicious on their network. If a router has a firewall, it should be enabled as another layer of protection against threats.
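As an added example, not code from the original post: a small Python check in the spirit of the DNS-settings advice above. It sends the same A query to the router (assumed to answer on its LAN address, for example 192.168.1.1) and to a resolver the user trusts, then flags answers that share no address, which is how the redirections described in the two cases would show up from a client. The response bytes embedded at the end are constructed so the parser can be exercised offline.

```python
import secrets
import socket
import struct
def build_query(name: str, txid: int) -> bytes:
    # Minimal DNS A/IN query with the recursion-desired flag set.
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(buf: bytes, off: int) -> int:
    # Advance past a label sequence; a compression pointer (0xC0..) ends it in two bytes.
    while buf[off] != 0 and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp: bytes, expected_txid: int) -> set[str]:
    # Return the IPv4 addresses in the answer section, rejecting a mismatched ID.
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from(">HHHHHH", resp, 0)
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch; response discarded")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    answers = set()
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from(">HHIH", resp, off)
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            answers.add(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return answers

def resolve_via(resolver_ip: str, name: str, timeout: float = 3.0) -> set[str]:
    # Ask one specific resolver (for example the router's LAN address) for A records.
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        resp, _ = sock.recvfrom(512)
    return parse_a_records(resp, txid)

def answers_agree(via_router: set[str], via_reference: set[str]) -> bool:
    # CDN answers vary, but the router's set should share an address with a trusted resolver's.
    return bool(via_router & via_reference)
# Constructed sample response (not a real capture): txid 0x1234, one A record for
# example.com pointing at the documentation address 203.0.113.10.
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xcb\x00\x71\x0a")
```

For a live check, compare `resolve_via("192.168.1.1", "yourbank.example")` with the same query sent to a resolver you trust; a disagreement for a banking or ad-network domain is the signal the cases above describe.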

To better understand router threats and to learn how to secure your home network, read our research paper, Securing Your Home Routers: Understanding Attacks and Defense Strategies.


