Are you still using a router that’s past its prime? If so, you could be opening yourself up to a malicious attack. The FBI is warning that cybercriminals are targeting routers that have reached their end of life and are no longer supported by the manufacturer.
In an advisory and a PSA published last week, the agency said that attackers are deploying malware against many older routers. Typically dated from 2010 or earlier, these routers have already reached end-of-life, which means the manufacturer no longer sells or supports them. That means they no longer receive software updates or security patches, leaving them vulnerable to compromise.
Also: Are VPN-ready routers the best home Wi-Fi upgrade? My buying advice after testing one
Due to the lack of manufacturer support, cybercriminals have been able to exploit security vulnerabilities in the routers and control them via built-in remote administration. They then install malware and force the devices to join a botnet. From there, they can manipulate all the compromised devices to launch coordinated attacks or sell access to them to other criminals.
Even if the remote administration is password protected, attackers can bypass the security and gain remote command-line access to the routers. This is due to the strain of malware known as TheMoon.
“TheMoon malware was first discovered on compromised routers in 2014 and has since gone through several campaigns,” the FBI said. “TheMoon does not require a password to infect routers; it scans for open ports and sends a command to a vulnerable script. The malware contacts the command and control (C2) server, and the C2 server responds with instructions, which may include instructing the infected machine to scan for other vulnerable routers to spread the infection and expand the network.”
The FBI cited the following routers as vulnerable to the malware:
- E1000 (Linksys)
- E1200 (Linksys)
- E1500 (Linksys)
- E1550 (Linksys)
- E2500 (Linksys)
- E3200 (Linksys)
- E4200 (Linksys)
- WRT310N (Linksys)
- WRT320N (Linksys)
- WRT610N (Linksys)
- M10 (Cisco)
Your router should display its model number on the back or bottom of the unit. So, what do you do if your router is on the list or you’re just worried about your old device being vulnerable?
The first and most obvious answer is to dump it and buy a new router. A decent router can be found for under $100, though more capable and advanced ones will cost double or triple that. Whatever your budget, you don’t want to risk someone hacking into your router and installing malware.
Also: The best Wi-Fi routers you can buy
In the meantime, you can take other measures. If security patches are still available, download and install the latest ones. Next, log into the router’s firmware and disable the remote administration feature. Save your changes and then restart the router. Finally, switch your router password to something stronger and more secure.
Stay ahead of security news with Tech Today, delivered to your inbox every morning.
Security
Sharie Volkman
Read More