Modern web security means staying alert to any potential breach. Not everybody puts their home router at the top of their web security priority list, and because it is often overlooked, cyber criminals have found ways to get into your home network and access your personal files without you even knowing about it.
Home routers nowadays come with all sorts of security features including telephony services, VPN, wireless access points and user access control (UAC), to name a few. The reason is that, just like servers, home routers have multiple types of information from different devices passing through them every second, and with this comes a greater security risk, from the router’s operating system (OS) and management to its hardware and web applications. It appears that home routers have had security problems for a number of years now and that they have been popular targets for cyber criminals for quite some time.
So what can happen once a home router is compromised?
A compromised home router can result in endless consequences. The most obvious and probably the most lethal is infiltration of, and access to, your personal files. Depending on the cyber criminals’ level of expertise, this alone is enough to wreak havoc on the victim(s). All cyber criminals target a victim. Some hack into routers for purposes other than data compromise, including VoIP fraud and malicious advertisements.
Botnets are a popular reason for attack. Botnets are remotely controlled malware which infects devices such as home routers and can be used for for-profit distributed denial-of-service (DDoS) attacks or as part of a rented botnet. Botnets have become quite profitable – renting a botnet of 100-150 bots per day costs AU$140. Users will most likely never notice that their routers are being used for illicit purposes, but the results and effects are very serious and widespread. With regard to home routers, botnets will usually just eat up bandwidth. However, services and businesses hit by a DDoS attack have to contend with possible monetary loss, damaged reputations, and of course, service disruptions for their customers. Last year major sites like Twitter, Reddit, CNN, and Netflix were affected by this.
What threats are there to home routers?
Malicious actors commonly use and abuse the default passwords on the router. Since routers are usually shipped with minimal security features and configured with ease of use in mind, without the proper security configuration they can be easy targets for cyber criminals. A lot of routers have remote management features which simply increases the security risk of the router.
Tips to manage this risk:
- Choose a reliable home router – Best to buy a branded router with premium security features. For the average household, any router will do. Not all routers are fully-equipped to protect you from cyber criminals who are constantly trying to access your router every minute of the day. Not all routers have built-in security features – like web threat protection and the ability to detect malicious network traffic – and are protected against backdoors and other malware.
- Always change the default password – Often easy to bypass, the default password needs to be changed immediately upon setting the home router up. Also, choose Wi-Fi Protected Access 2 (WPA2) with Advanced Encryption Standard (AES) as your home router’s wireless encryption scheme.
Malicious actors are persistent in finding vulnerabilities in home routers. At the same time cyber criminals are constantly leveling-up their knowledge regarding attacks and are exploiting weaknesses in manufacturers’ routers.
Tips to manage this risk:
- Update firmware – Most buyers will never update the router’s firmware for the lifetime of their ownership. Cyber criminals bank on this fact in the hope of successfully compromising their router. Updates to firmware and software usually cover bug fixes and security issues, but most users seem to bypass this and never update. It is highly recommended that users apply the latest patches provided by the vendor, since unpatched vulnerabilities are a popular entry point for threats.
- Change settings on the management access page –
  - Refrain from using IP addresses which end in “.1”, “.100” or “.254”; use random numbers instead.
  - Use SSL on the management (admin) page.
  - Only access the management page over a wired connection – use an Ethernet cable. Turn off wireless access to it.
  - Disable remote access to the management page.
  - Disable the Universal Plug and Play (UPnP) feature if you don’t use it.
  - Configure a “Guest Network” for guests and visitors, allowing them to have their own network outside of your own.
  - Disable Wi-Fi Protected Setup (WPS).
Malicious actors continue to use malware targeting DNS settings on routers. In 2015, it was reported by Trend Micro that some malware redirected victims to malicious sites by tampering with the router’s DNS settings – 2016 saw a sharp increase in mobile devices used to execute this attack.
Tips to manage this risk:
- Check and manage DNS settings – To do this, log in to the admin page of the home router and search for the DNS settings. There a user can see which DNS servers’ IP addresses the home router is forwarding queries to. With this information, sites like WHOIS can help users determine if the IP addresses are malicious. Once the DNS settings have been changed on a compromised router, there’s no saying how reliable the end results will be.
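
A client-side complement to the admin-page check above, as an added example that is not part of the original article: it parses resolver configuration in resolv.conf format and flags any DNS server that is neither on a list you chose nor on your own network. The sample text, the `EXPECTED_RESOLVERS` list and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in resolv.conf format (not taken from a real host).
SAMPLE_RESOLV_CONF = """\
# pushed to the client by the home router over DHCP
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 9.9.9.9
nameserver not-an-ip
"""

# Assumption: the resolvers this household deliberately configured.
EXPECTED_RESOLVERS = {"9.9.9.9", "149.112.112.112"}

# Address ranges that mean "a box on my own network or this machine".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def parse_nameservers(text):
    """Return the nameserver entries, ignoring comments and other options."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr, expected=EXPECTED_RESOLVERS):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"            # malformed entry, fix the config
    if str(ip) in expected:
        return "expected"
    if any(ip in net for net in LOCAL_NETS):
        return "local-forwarder"    # check its upstream DNS on the admin page
    return "unexpected"             # look the address up (e.g. WHOIS) before trusting it

def audit(text, expected=EXPECTED_RESOLVERS):
    return {ns: classify(ns, expected) for ns in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:15} {verdict}")
```

A `local-forwarder` result only says the device asks the router; the router’s own upstream DNS servers still have to be read from its admin page.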
IntelliTeK is one of the fastest growing IT service providers that you will find on any list of managed service providers in Australia. We are always up to date with the latest threats to emails and IT security which is why we only partner with the best in the industry.