NovaStor Logo

Looking for Enterprise Backup? Visit NovaStor.com

NovaBACKUP-blog

NovaBACKUP Blog

Stay up-to-date on all things backup and more!

 

Is Your Router Being Exploited?

by Sean Curiel, on Dec 4, 2018, 2:39:43 PM

Router-exploit

Most of us are aware of the top ransomware attacks of 2017 which include WannaCry and NotPetya cyber attacks. What may be less common knowledge is that these events were carried out thanks to a tool developed by our very ownnsa National Security Agency (NSA) called EternalBlue, stolen and leaked by a hacker group called the Shadow Brokers. And while Microsoft has issued a patch to address the vulnerability, many unpatched machines still exist, and brand new ways of using the EternalBlue tools have recently been discovered.

It has been recently reported that more than 45,000 routers are vulnerable to a new campaign which utilizes a weakness in the Universal Plug and Play (UPnP) protocol. UPnP works to let devices automatically communicate and connect across a network, but is being used maliciously to force open specific ports and expose millions of devices connected to these internet routers.

As to what type of damage will occur from future attacks utilizing these weaknesses, we can only speculate. But taking over devices in order to perpetuate ransomware, or conducting denial of service attacks - certainly isn’t out of the question.

So what can you do about it today?

  • First of all, disable UPnP wherever possible
  • Disable auto-wifi configuration
  • Update the firmware on all of your routers, especially older devices
  • Avoid connecting hard drives to USB router ports
  • Utilize a host-based firewall for granular security
  • Train staff in how to rapidly respond to an attack

And as always, maintain a secure backup with a strategy that follows best practices to ensure that your critical data is always recoverable. Our Ransomware Prevention Checklist helps ensure that all your bases are covered.

Categories:Best PracticesSecurity Threats / RansomwareIndustry News

NovaBACKUP Blog

The NovaBACKUP blog is focused on providing insight on data protection that is relevant to the SMB market and to managed service providers. 

Visit NovaStor blog for enterprise posts
Sales-support-icon
Talk to a Backup Expert
Our support engineers are here to assist you.

Request 30-Minute Consultation »

training-icon
Request a Trial
Get a free trial of our software in your environment.

Request a free trial »

Newsletter Signup