Flawed routers in use by millions are at risk for cyberattack

The list of routers with serious flaws reads like an electronics shelf at Best Buy, full of big names likely deployed in your home.

The most serious of the security concerns have the Department of Homeland Security saying certain routers should be disconnected if still in use.

Researchers have also been tracking an earlier problem affecting a number of routers that is far more worrisome: a Russia-based botnet malware dubbed “Cyclops Blink” that infects routers and, like a massive fire, seems to rekindle, smolder and rage.

 

Security flaws in the poorly designed management controls of many routers let malware infect the router itself. Criminal hackers can then take control of the device and tamper with the traffic moving through it.

It’s bad enough when one router is infected. When the threat spreads to many routers, it becomes a national security ticking time bomb.




With control of hundreds of thousands of infected routers, a large scale disruption could be triggered by an attacker at any time.

For one, what would it look like if a half million routers in the U.S. were shut down instantaneously and the owners locked out of the controls?

That kind of disruption is squarely within the playbook of Sandworm, the Russia-based hacking group that U.S. and UK agencies attribute to Russian military intelligence (the GRU), and one of the most notorious Kremlin-sponsored teams in the business.

They are behind the latest threat – “Cyclops Blink” malware infecting routers.

If they succeed – and they have done it before against a number of popular router brands – the attackers can see all traffic coming and going through your router and shut you out at will.

That’s just one major security vulnerability out of several flaws found on very commonly used routers.

 

If you have a router from one of these companies, keep reading.

  • Netgear
  • D-Link
  • Linksys
  • Cisco
  • TP-Link
  • Asus
  • MikroTik
  • DrayTek
  • Edimax
  • AVM
  • Synology

Experts say there could be other routers at risk; these are the makers of router models known to be vulnerable. One researcher who identified a number of risky routers says the most flawed one is the TP-Link Archer AX6000, found with over 30 security issues.

The U.S. government’s Cybersecurity & Infrastructure Security Agency, CISA, has added a number of the vulnerabilities in these routers to its Known Exploited Vulnerabilities catalog.

That’s after learning of a much more sinister infiltration that silently invaded the U.S.

Russian state-sponsored hackers have already been identified attacking Asus home WiFi routers in the United States, Canada, India and Italy according to Trend Micro.

In these more recent attacks, the Cyclops Blink botnet malware has been infecting at least a dozen Asus router models as well.

 

This menacing Russian threat finding its way onto routers in the U.S. and other western countries means, at its worst, that a hacker could read and record the data flowing through the router.

That includes

  • exposing the details of email messages
  • tracking websites visited
  • mining financial data in forms and fields, including banking credentials from an app or website
  • stealing private logon information such as social media accounts and passwords
  • gathering enough about you to go as far as taking control of your computer or laptop

One practical limit is worth knowing: traffic that is encrypted end to end (an HTTPS site, a banking app’s TLS connection) is not readable from the router. What an attacker in that position still sees is which sites you visit, your DNS lookups and anything sent unencrypted, and a router under hostile control can also redirect you to look-alike sites to harvest those credentials anyway.

Some routers are in worse shape than others, allowing commands to be run on the device without the attacker needing a password at all.

Here’s another problem. Router companies are generally not fast enough to patch flaws and close the holes hackers use to get in. Older routers may never get a fix because the maker no longer supports them.

In some cases a firmware update is necessary but not sufficient: it closes the hole for the future but does not remove malware that is already on the device, which is why a factory reset is part of the cleanup advice below.

That is why using strong antivirus protection on each of your devices and keeping all firmware and operating software current are more important than ever. Antivirus on a laptop cannot see or clean an infected router, but it is the last line of defense against whatever an attacker pushes down through one.

 

Easy answer.  They want to turn routers connected in the United States into Russian weapons.

It’s not the first time Sandworm has infected routers. Researchers at Cisco Talos identified an earlier attack in 2018 using VPNFilter malware that compromised at least 500,000 routers and network storage devices in more than 50 countries, the U.S. among them.

In a rare admission in early April 2022, the FBI said it had remotely accessed and disinfected devices running the Russian “Cyclops Blink” malware, in this case network security appliances used by businesses rather than home routers.

This secret FBI operation was carried out under a federal warrant and had cyber agents reach into infected WatchGuard firewall appliances. WatchGuard gear sits at the edge of business networks to protect them from outside threats on the internet.

The FBI felt it needed to act fast. The agency outsmarted the Russian malware, quietly removed it from the infected devices and closed the external management ports Sandworm had been using to reach them.

Is that supposed to make us feel safe about our own personal privacy when the FBI proves they have such easy access?

How far their work reached is not clear; the operation targeted the devices the botnet used for command and control, not the thousands of other infected devices. I would not rely on Uncle Sam wiping your infected router clean.

 

Checking that your router is at least running current firmware that addresses any known vulnerability is the least we can do at this very moment.

In most cases, what you will need to do is not so simple. But you can do it, and you should do it without delay. I’ll do my best to put it into easy to follow steps:

  1. Look up the make and model of your home router (it is usually printed on a label on the underside).
  2. Download the official app or use the web interface from the company that makes your router (only use one from the manufacturer, not anyone else).
  3. Sad to say, the older your router is, the less likely its firmware is still maintained, so this process may lead you to replace your old router with a new one (my suggestions here).
  4. Once you follow the maker’s instructions to reach the admin controls, write down all of the login credentials and configuration information and keep them in a safe place.
  5. Turn on the setting that lets the firmware update automatically.
  6. Change the default username and password that came with your router, using a strong password and a username that does not identify you or the router.
  7. Disable WPS (Wi-Fi Protected Setup) on your router for the safest outcome; its eight-digit PIN is a favorite target for brute-force attacks, where hackers run repeated trial-and-error guesses until they get in.
  8. Rename your router’s SSID (the name of your wireless network that broadcasts to the public), removing the make or model name of the router and anything identifying you.
  9. Turn off remote administration from the internet (WAN) side unless you truly need it; an admin page reachable from outside is exactly the kind of open door the FBI had to close on the infected WatchGuard devices.
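As an added example (not code from the article or from any router maker), here is a small Python script that checks a router’s settings against the checklist above: firmware up to date and auto-updating, factory login changed to a strong one, WPS off, an SSID that does not advertise the hardware, and no admin interface reachable from the internet. Everything in it is an assumption made for the example: the configuration fields, the made-up “Acme AR-9000” router and its firmware version strings. On a real router these settings live in its web interface or app, and the “latest firmware” value is what you would read off the maker’s support page.

```python
"""Audit a home router's settings against the hardening checklist.

Added example, not code from the article or from any router maker. The
configuration fields (ssid, wps_enabled, remote_admin, ...), the sample
router and its firmware versions are all constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Factory logins that ship on many consumer routers (constructed list, not exhaustive).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", ""), ("user", "user")}

# Makers named in the article; a network name containing one of these advertises the hardware.
VENDOR_NAMES = {"netgear", "d-link", "dlink", "linksys", "cisco", "tp-link", "tplink", "asus",
                "mikrotik", "draytek", "edimax", "avm", "fritz", "synology"}


@dataclass
class RouterConfig:
    vendor: str
    model: str
    firmware: str          # version currently installed
    latest_firmware: str   # version the maker currently offers (assumed read from its support page)
    ssid: str              # broadcast Wi-Fi network name
    admin_user: str
    admin_password: str
    wps_enabled: bool
    auto_update: bool
    remote_admin: bool     # admin interface reachable from the internet (WAN) side


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '3.0.0.4.386.46065' into (3, 0, 0, 4, 386, 46065) so versions compare numerically.

    A plain string comparison would rank '1.2.9' above '1.2.10'. Trailing zeros are
    dropped so '1.2' and '1.2.0' compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_outdated(installed: str, latest: str) -> bool:
    return version_tuple(installed) < version_tuple(latest)


def names_the_hardware(text: str, cfg: RouterConfig) -> bool:
    """True if the text contains the maker, the model, or any well-known router brand."""
    flat = text.lower().replace("-", "").replace("_", "").replace(" ", "")
    candidates = {cfg.vendor, cfg.model} | VENDOR_NAMES
    return any(c.lower().replace("-", "") in flat for c in candidates)


def password_is_weak(cfg: RouterConfig) -> bool:
    """Weak = factory default, shorter than 12, fewer than 3 character classes, or names the router."""
    pw = cfg.admin_password
    if (cfg.admin_user, pw) in DEFAULT_CREDENTIALS:
        return True
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return len(pw) < 12 or classes < 3 or names_the_hardware(pw, cfg)


def audit(cfg: RouterConfig) -> List[str]:
    """Return one finding per checklist item the router fails; an empty list means it passes."""
    findings = []
    if is_outdated(cfg.firmware, cfg.latest_firmware):
        findings.append(f"firmware {cfg.firmware} is older than {cfg.latest_firmware}: update it")
    if not cfg.auto_update:
        findings.append("automatic firmware updates are switched off")
    if (cfg.admin_user, cfg.admin_password) in DEFAULT_CREDENTIALS:
        findings.append("admin login is still the factory default")
    elif password_is_weak(cfg):
        findings.append("admin password is short, low-variety, or names the router")
    if cfg.wps_enabled:
        findings.append("WPS is enabled; its PIN is a brute-force target, disable it")
    if names_the_hardware(cfg.ssid, cfg):
        findings.append(f"SSID {cfg.ssid!r} reveals the router make or model")
    if cfg.remote_admin:
        findings.append("admin interface is reachable from the internet; disable remote administration")
    return findings


# Constructed sample: the same made-up router as shipped, and after the checklist is applied.
FACTORY = RouterConfig(vendor="Acme", model="AR-9000", firmware="2.1.9", latest_firmware="2.1.10",
                       ssid="Acme_AR-9000", admin_user="admin", admin_password="admin",
                       wps_enabled=True, auto_update=False, remote_admin=True)
HARDENED = RouterConfig(vendor="Acme", model="AR-9000", firmware="2.1.10", latest_firmware="2.1.10",
                        ssid="coffee-and-rain", admin_user="netkeeper", admin_password="Tq9!vLm2#xRw8pZ",
                        wps_enabled=False, auto_update=True, remote_admin=False)

if __name__ == "__main__":
    for label, cfg in (("as shipped", FACTORY), ("hardened", HARDENED)):
        print(f"{label}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```

The numeric version comparison is the part worth copying: firmware versions such as “2.1.10” sort below “2.1.9” as plain strings, which is exactly the mistake that makes a router look current when it is not.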

 

Don’t be afraid to look up and call the support number for your router maker for some handholding. If it’s one of the listed manufacturers, they have no business charging you a penny for something their failure in design and security has caused you.

If you think your router has been infected, the best advice is to do a factory reset, then immediately install the latest firmware and set a new admin password, since the reset restores the factory default login. Always write down any router settings and configurations that a factory reset will wipe out before proceeding.

 

I think we are all going to look back at this moment of waking up to the extreme dangers attacking everyday routine technology and wonder what we were thinking back then to let these criminals run amuck.

In the meantime, my biggest desire is to educate and inform you about the increased real threat to each of our connected devices and encourage you to use strong antivirus security protection on everything in your life connected to the rest of the world.

The best way to protect yourself is to install antivirus software on your devices.  Our top choice for Antivirus software is TotalAV.  It’s super easy to install and you’ll have peace of mind knowing you’ll have real-time protection, phishing scam protection, ransomware protection plus more. Protects Windows, Mac, Android & iOS Devices.  Limited time deal for CyberGuy readers: $19 your first year (80% off).

 
