Hacking attacks on your router: Why the worst is yet to come

Vulnerabilities in routers are an easy target for hackers - and attacks are becoming more destructive.
Written by Danny Palmer, Senior Writer

Cyber criminals are only scratching the surface when it comes to exploiting vulnerabilities in routers to conduct hacking campaigns – and the worst is yet to come, with attackers set to use compromised devices for a wider variety of malicious activities.

2018 saw a number of high-profile campaigns which involved attackers going after routers. So great was the risk of one particular campaign – VPNFilter, a malware suspected to be the work of Russian state-sponsored hacking and cyber espionage group Fancy Bear – that the FBI issued a warning to businesses and households to immediately reboot routers to counter the threat.

However, it's likely that many didn't heed this warning and that many home and office routers are still highly vulnerable to attack – figures in Avast's Threat Landscape Report for 2019 suggest that 60 percent of users have never updated their router's firmware, leaving them open to attacks primed to exploit simple vulnerabilities.

With a significant number of routers ultimately forgotten about after being initially set up – unless the internet connection goes down – those who fall victim to router-based malware attacks might never realise their device has been compromised.

In many cases, poor device security such as weak passwords can allow attackers to gain access to the device with minimal effort, be it via brute-forcing passwords or the use of simple malware.

Indeed, many cyber criminals have taken to exploiting the source code of the Mirai botnet malware in order to launch attacks against routers and other Internet of Things devices.

These low-level attacks are often designed to hijack the router for nefarious tasks including DDoS attacks or malicious cryptomining – but more sophisticated hacking operations are increasingly targeting routers as a means of gaining access to networks and data sent and received across them.

This is the case with VPNFilter, which can monitor the network traffic and devices using the router – as well as retrieving new commands or new malicious payloads to distribute to those using the network. VPNFilter is also capable of acting as a destructive wiper, allowing the attackers to wipe out the firmware of infected devices, essentially bricking them and making them useless.

"This 'platform-ification' of IoT malware opens up many possibilities for bad actors who can re-purpose it for a multitude of nefarious activities including pay," warns the report.

According to Avast researchers, hijacked routers can be repurposed to steal banking credentials by injecting malicious HTML into specific webpages displayed on smartphones and mobile devices, asking users to install a malicious app which can be used to gain access to usernames, passwords and two-factor authentication credentials.

"PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks," said Ondrej Vlcek, President of Consumer at Avast.

"People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces."

Law enforcement agencies regularly offer advice on how to ensure routers are as protected as possible from cyber attacks: the FBI recommends that users change default usernames and passwords, ensure patches are applied when issued and, if necessary, keep connected devices on a segmented network.

