Hackers penetrate hundreds of thousands of home and office routers
Al-Eqtisadiah from Riyadh: Russian hackers have infiltrated hundreds of thousands of home and office routers around the world, allowing them to collect information about users and block and stop network traffic, according to a warning issued by the FBI.
The warning came after the US Federal Bureau of Investigation (FBI) was allowed to access a website that the hackers intended to use to send instructions to routers. Although this cut off malicious connections and stopped later stages of the malware from reaching devices that were infected in the initial stage, it left routers infected, so the new warning aims to clean up those routers. The impact of this malware that enabled hackers to penetrate routers has reached more than 50 countries, the site of many recent infections. Hackers belonging to the Sofacy group are expected to be responsible for these attacks; this group, also known as APT28 and Fancy Bear, has been blamed for several of Russia's most controversial hacks, including the hack of the Democratic National Committee during the 2016 US presidential campaign.
Cisco said the hacking campaign targeted Linksys devices from Belkin, MikroTik, Netgear, TP-Link, and QNAP. The directives for routers, meant to temporarily disable the malware and help identify infected devices, are to consider disabling remote management, changing passwords and upgrading to the latest firmware.
It should be noted that hackers use known vulnerabilities to infiltrate home routers and take advantage of them to gain control of the network, and these hackers are well funded. When a router is hacked, the hacker can damage not only the router itself, but every connected device running on the same network. The hacker can map the victim's internal network, collect usernames and passwords, modify router firmware, steal network administrator permissions, modify operating systems, change settings, spy on users' online activities and redirect them through hacker servers to take control of them.
Ways to protect routers
Cisco has advised all users to perform a factory reset of their devices, which will remove the malware from the first stage.
After these attacks were detected, the Computer Emergency Preparedness Team in the United States issued an alert about them. Experts point to some ways to protect routers: updating the router's firmware, disabling the router's remote management feature, checking the network's DNS settings, and setting up a dedicated guest network.
It is important to update the router's firmware, the software that serves as the operating system for the device. If it is not kept up to date, attackers will be able to easily find vulnerabilities in the network and penetrate them.
The user must also change the default password of the router, as every hacker can access all the default passwords of all the router brands, so the user needs to create a strong password for the router.
The remote router management feature must also be disabled. Many routers come with a feature that publishes a link on the Internet through which users can enter their router settings from afar, even if they are not connected to the same network. These links are known, so someone may exploit them to hack the user's router, and then the network. It is important to disable the feature because the chance of the user needing it is very low compared to the risk it might cause: hackers who hack the router can also exploit the computer at the same time.
Experts advise checking the user's DNS settings and turning on the guest network, which is designed for people who visit the user's home or office. Familiar with the files.
You can do this by giving guests a separate router with its own dedicated Wi-Fi network or by enabling the router's Guest Network option.