Home router manufacturers are adding more features—telephony services, wireless access points, VPN, User Access Control (UAC) to name a few—to their routers so they can contend with the proliferation of multi-functional Internet of Things (IoT) devices. Like small servers, home routers have multiple types of information from different devices passing through them. This increasing complexity introduces more security risks at different levels, from the router’s operating system (OS) and management to its hardware and web applications.
The mounting risks are only compounded by the fact that routers have had a security problem for years. Home routers are major targets for malicious actors, and we have seen cybercriminals increasingly turn their focus to these devices.
A compromised home router can open up the user to significant consequences: information or even identity theft, malicious sites and advertisements, VoIP fraud, and more.
Cybercriminals can also profit by using compromised home routers in for-profit distributed denial-of-service (DDoS) attacks or as part of a rented botnet. Botnets have become quite profitable—renting a botnet of 100-150 bots per day cost €95 (or US$102.19), based on a listing in the French underground in 2016.
Users whose compromised routers are turned into bots are only minimally affected in terms of bandwidth resources. While they might not even notice that their routers are being used for illicit purposes, the effects are serious and widespread. Services and businesses hit by a DDoS attack have to contend with possible monetary loss, damaged reputations, and of course, service disruptions for their customers. Last year, major sites like Twitter, Reddit, CNN, and Netflix were affected by such attacks.
Compromised users are unwittingly involved, but can take some effective steps to prevent such attacks by securing their home routers.
1. Malicious actors commonly abuse the default passwords on IoT devices, as we’ve seen recently with the IP camera-targeting botnet Persirai. Routers are in a similar situation as they are devices built and configured for ease-of-use—shipped with minimal security features and default passwords. A lot of routers also have built-in remote management features that can be used to modify the router’s settings.
To manage these risks, users should:
2. Malicious actors are also constantly probing and finding new vulnerabilities in home routers’ systems. They can easily use an online tool to find susceptible routers—there is a well-known public search engine that lists known vulnerabilities that can be exploited.
Users can protect themselves from known vulnerabilities by:
3. Mirai and similar malware are evolving and leverage new techniques—recently they started to use different ports to compromise Linux-based firmware, including routers. Malicious actors also continue to use malware targeting DNS settings on routers. In 2015 we discussed malware that redirected affected users to malicious sites by tampering with the DNS settings on the router. And last year we saw that mobile devices were being used to execute DNS malware against home routers.
Aside from the previously mentioned best practices like using strong passwords, using non-default IP addresses, and turning off remote management features, users can mitigate this threat by:
Aware of these mounting threats to users and taking action against them, Trend Micro partnered with ASUS to create a more secure home router. ASUS wireless home routers are now pre-installed with the Trend Micro™ Smart Home Network solution, which has web protection and deep packet inspection capabilities.
For more advanced users who may want more in-depth security steps, download our comprehensive guide: Securing Your Home Routers: Understanding Attacks and Defense Strategies.