Is your router a gateway for criminals?

The prevailing wisdom is to make sure that your computer and any linked cloud services are protected to the hilt with software and support services to detect and prevent malicious ransomware and other cybercriminal attacks.

However, another vulnerable frontier is every user’s gateway to the internet: the router. What’s more, Draytek routers, popular in South Africa among home office users and small and medium-sized businesses with up to 500 users, have been found vulnerable to malware that allows cybercriminals to take over the router remotely.

While major malware and ransomware incidents frequently make headlines in the media, router vulnerabilities are not as frequently publicized – but the outcomes of these violations could be immensely damaging to the businesses they affect.

For example, if a router at a business whose access control was managed over the internet, the compromised router would give cybercriminals access to the internal network. Leveraging past insecure firmware updates, criminals could make surveillance cameras ‘loop’ on empty footage, making it possible to gain access without detection, and tamper with or steal items and documents.

A compromised router also makes it possible for cybercriminals to snoop on non-encrypted internet traffic, redirecting DNS requests to attacker-controlled servers, making it possible for external parties to access unprotected internal resources and unprotected devices, particularly those with weak passwords. This in turn leads to credentials theft, and the theft of intellectual property and competitive information.

This type of criminal access also leads to third parties being compromised, such as clients, suppliers, or even other entities in a shared supply chain.

Attacks via compromised routers are most frequently targeted at companies with small or medium-sized digital infrastructure, such as independent law firms, private clinics and other healthcare facilities, agencies, and even news organisations.

These organisations may feel a false sense of security because they don’t think they’re as big or important to cybercriminals as big corporates or governments, but they still hold a treasure trove of personal data and are linked to ‘bigger fish’, making them ideal targets for malicious actors wanting to harvest information for illegal use, or for ransom.

While the ransomware hits that make the news are usually about big companies, cybercriminals know that these organizations typically have a living security solution in place, with extended detection and response protocols (XDR) in place. That’s why they’re content to turn their attention to small environments that are easier to access and more likely to pay a ransom because they don’t want to attract any negative attention from clients.

Small and medium-sized businesses can access XDR solutions, which integrate multiple security products into cohesive security systems, providing a holistic but simple view of threats across a business’s entire technology stack – including its routers.

The growing shift to work from home, which means that privately owned routers are linking into businesses’ networks, means that it’s more imperative than ever for enterprises of all sizes to have a unified and proactive approach to cybersecurity. Every business – no matter its size – needs to protect its entire landscape of technology assets, including all endpoints, mobile, network, and cloud workloads.