Vulnerabilities, Phishing, Internet Privacy only relate to big business, right?
Well, we would have to say that you’re totally wrong. Cyber security is a problem for everyone, from the end user at home to the large organization. It is definitely something we all need to be concerned with. Don’t believe me! Well maybe you will after I show you how vulnerable most home computers, mobile phones, tablets, and any other device that connects to the Internet really are.
Yes, we all do the basics when it comes to cyber security. We usually run an antivirus program on our devices, but most of us have overlooked the internet router, a prime target for cyber criminals. Yes, the router is a way in. Unfortunately, you and your Internet provider probably don’t even think about it. Most people simply set up their router once and then forget about it. You never, ever think of the router, unless you begin to have internet problems.
The latest malware, known as VPNFilter is targeting the lowly router – and it has already infected over half a million of them.
What is the purpose? Having access to all of these routers gives the hacker a huge botnet of connected devices he can control. A simple command could result in a flash memory deletion causing the router to become completely useless and prevent you from getting on the internet again – until you buy a new router that is.
But let’s say he doesn’t want to block you from the internet. Instead, he wants to spy on your activity, get access to your passwords, credit card numbers, etc. That is what he’s really after. And once the router is infected with this virus, it can be used for almost anything.
Making The Small Internet User An Accomplice
Of course, the biggest danger is making the small user an accomplice in a much larger cyber attack. The biggest danger is that a cyber attacker can use these large groups of connected devices to flood large corporate websites, bringing them offline. In fact, there was a case where the Mirai botnet managed to bring down entire internet services in several states of the US for most of the day. Router-based attackes can be so damaging that the FBI has started investigating – managing to shut down a server using the same VPNFilter malware that cyber criminals use to send commands to infected devices.
What Can We Do About This Cyber Attack?
Unfortunately, there is no real way to tell if your router has been infected. So far Linksys, Mikro Tik, TP-Link and Netgear routers have been hit by malware. But whether your brand of router is one of these or not, it is a good idea for you to take a few cyber security precautions.
Here’s what you can do:
Restart and Update Firmware
Restart the router. Although this will only temporarily disconnect from an infected network, it will give you enough time to update your firmware. You can find out how to update your firmware by going to the manufacturer’s website and going to the downloads section. By updating the firmware you apply the latest manufacturer fixes which secure it from the VPNFilter malware.
You will need your router’s serial number to get the proper firmware. Check on the underside or back side of your router for the make and serial number. Then you log into the administrator panel through your web browser and install the update. Look for the web address to the administrator panel in the instructions packaged with the router.
Normally, you should update router firmware every few months or so since routers do not perform an auto-update.
Change the Default Password
Most routers come with a default password or no password at all. The manufacturer does this on purpose because it helps consumers set up the router easily. Unfortunately, hackers also know the default passwords. Look up the instructions to find out how to change the password via the website offered by the manufacturer.
Turn Off Remote Access
Many routers allow you to access the administrative panel remotely via the internet. This is nice when you first set up the router but you want to turn it off so cyber criminals cannot access and they can also change the settings, especially if you are using the default password that comes with the router.
Do a Factory Reset
If you notice that the router is acting a little wonky and you have tried all of the above tips, do a factory to reconfigure everything from scratch. It is a hassle and it may not get rid of persistent malware but it will restore your device to its original setup allowing you to make necessary changes.
If you think cyber security does not affect you simply because you only use the internet at home, you would be wrong. Cyber security is something all Americans need to be on the lookout for. Just as you are alert to criminal activity in your neighborhood, you also need to watch out for cyber criminals who may be using your lowly router to build a powerful interconnected network and create havoc on the web.
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.