Is Your Router Being Exploited?
by Sean Curiel, on Dec 4, 2018, 2:39:43 PM
Most of us are aware of the top ransomware attacks of 2017 which include WannaCry and NotPetya cyber attacks. What may be less common knowledge is that these events were carried out thanks to a tool developed by our very own National Security Agency (NSA) called EternalBlue, stolen and leaked by a hacker group called the Shadow Brokers. And while Microsoft has issued a patch to address the vulnerability, many unpatched machines still exist, and brand new ways of using the EternalBlue tools have recently been discovered.
It has been recently reported that more than 45,000 routers are vulnerable to a new campaign which utilizes a weakness in the Universal Plug and Play (UPnP) protocol. UPnP works to let devices automatically communicate and connect across a network, but is being used maliciously to force open specific ports and expose millions of devices connected to these internet routers.
As to what type of damage will occur from future attacks utilizing these weaknesses, we can only speculate. But taking over devices in order to perpetuate ransomware, or conducting denial of service attacks - certainly isn’t out of the question.
So what can you do about it today?
- First of all, disable UPnP wherever possible
- Disable auto-wifi configuration
- Update the firmware on all of your routers, especially older devices
- Avoid connecting hard drives to USB router ports
- Utilize a host-based firewall for granular security
- Train staff in how to rapidly respond to an attack
And as always, maintain a secure backup with a strategy that follows best practices to ensure that your critical data is always recoverable. Our Ransomware Prevention Checklist helps ensure that all your bases are covered.