NovaBACKUP-blog-header-1

Stay up-to-date on all things backup, data security and more!

 

Is Your Router Being Exploited?

by Sean Curiel, on Dec 4, 2018 2:39:43 PM

Router-exploit

Most of us are aware of the top ransomware attacks of 2017 which include WannaCry and NotPetya cyber attacks. What may be less common knowledge is that these events were carried out thanks to a tool developed by our very ownnsa National Security Agency (NSA) called EternalBlue, stolen and leaked by a hacker group called the Shadow Brokers. And while Microsoft has issued a patch to address the vulnerability, many unpatched machines still exist, and brand new ways of using the EternalBlue tools have recently been discovered.

It has been recently reported that more than 45,000 routers are vulnerable to a new campaign which utilizes a weakness in the Universal Plug and Play (UPnP) protocol. UPnP works to let devices automatically communicate and connect across a network, but is being used maliciously to force open specific ports and expose millions of devices connected to these internet routers.

As to what type of damage will occur from future attacks utilizing these weaknesses, we can only speculate. But taking over devices in order to perpetuate ransomware, or conducting denial of service attacks - certainly isn’t out of the question.

So what can you do about it today?

  • First of all, disable UPnP wherever possible
  • Disable auto-wifi configuration
  • Update the firmware on all of your routers, especially older devices
  • Avoid connecting hard drives to USB router ports
  • Utilize a host-based firewall for granular security
  • Train staff in how to rapidly respond to an attack

And as always, maintain a secure backup with a strategy that follows best practices to ensure that your critical data is always recoverable. Our Ransomware Prevention Checklist helps ensure that all your bases are covered.

Categories:Best PracticesSecurity Threats / RansomwareIndustry News
Sales-support-icon
Talk to a Backup Expert
Our support engineers are here to assist you.

Request 30-Minute Consultation »

Search NovaBACKUP Site

training-icon
Request a Trial
Get a free trial of our software in your environment.

Request a free trial »

cloud-backup-as-a-service

More...

Newsletter Signup

I have read and agree to the use of my personal data as described in the NovaBACKUP Privacy Policy.