Check Your Router: FBI has Urgent Warning


The FBI has released a security notice warning about the risk of cyber attacks targeting end-of-life routers. These routers are no longer supported by their makers and do not get new software updates or security patches. Because they are not updated, they are more likely to have known weaknesses that cyber criminals can use to take them over. The main threats listed in the notice come from malware groups that use hacked routers to build botnets. Botnets are networks of infected devices that can be controlled from a distance. Some groups even use these routers to hide their activities when they try to access important U.S. systems.

The notice calls out two main services, 5Socks and Anyproxy, that are known for using this method. These groups find routers with known weaknesses and then upload malware onto them. Once the malware is running, the attacker can get full control over the device. Some of these attacks come from groups located in China, and their main goal is to hide their real location and get into important systems without being noticed. The infected routers keep in regular contact with the main botnet control server, checking in as often as every minute. The malware will also open ports on the router, which lets the attacker use it as a proxy. This means other criminals can pay to use the infected router to hide their own web traffic.
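The regular check-in described above leaves a recognizable pattern in connection logs: the same source contacting the same destination at nearly constant intervals. The following is an added example, not taken from the FBI notice or this article, that flags such flows; the log format, thresholds, and addresses are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp src dst dst_port" lines as an upstream firewall
# might log them. Addresses are documentation ranges, not real indicators.
SAMPLE_LOG = """\
2025-01-01T10:00:00 192.0.2.10 203.0.113.50 443
2025-01-01T10:00:05 192.0.2.10 198.51.100.7 443
2025-01-01T10:00:40 192.0.2.10 198.51.100.7 443
2025-01-01T10:01:01 192.0.2.10 203.0.113.50 443
2025-01-01T10:02:00 192.0.2.10 203.0.113.50 443
2025-01-01T10:03:02 192.0.2.10 203.0.113.50 443
2025-01-01T10:03:10 192.0.2.10 198.51.100.7 443
2025-01-01T10:03:15 192.0.2.10 198.51.100.7 443
2025-01-01T10:04:01 192.0.2.10 203.0.113.50 443
2025-01-01T10:05:00 192.0.2.10 203.0.113.50 443
2025-01-01T10:06:01 192.0.2.10 203.0.113.50 443
2025-01-01T10:06:30 192.0.2.10 198.51.100.7 443
2025-01-01T10:06:55 192.0.2.10 198.51.100.7 443
2025-01-01T10:07:00 192.0.2.10 203.0.113.50 443
"""

def find_beacons(log_text, min_events=6, max_period=120.0, max_jitter=0.1):
    """Return (src, dst, port, first_seen, mean_gap_seconds) for every flow whose
    connections recur at a steady interval of max_period seconds or less."""
    times = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst, port = line.split()
        times[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    hits = []
    for (src, dst, port), seen in times.items():
        seen.sort()
        if len(seen) < min_events:
            continue  # too few connections to judge timing
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        avg = mean(gaps)
        # Steady timing: spread of the gaps is small relative to their mean.
        if 0 < avg <= max_period and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, port, seen[0].isoformat(), round(avg, 1)))
    return hits

if __name__ == "__main__":
    for src, dst, port, first, gap in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} every ~{gap}s, first seen {first}")
```

A flagged flow is a lead to investigate, not proof of infection, since legitimate services such as update checks also poll on a timer.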

The FBI has shared a list of router models that are most at risk. These include:

  • E1200
  • E2500
  • E1000
  • E4200
  • E1500
  • E300
  • E3200
  • WRT320N
  • E1550
  • WRT610N
  • E100
  • M10
  • WRT310N

If you have one of these routers and it is no longer getting updates from the maker, it is more likely to be a target. Attackers can get around password protection and use the router’s remote administration feature to gain deeper access. From there, they can install the malware and add the router to their botnet.

For anyone who owns one of these routers, the FBI recommends replacing it with a model that is still supported by the maker. If buying a new router is not possible right now, you can make your current router safer by turning off remote administration and restarting the device. You should check your router’s manual to find out how to disable remote access. This will make it harder for attackers to get into your device from the outside.

The notice also asks people to report any unusual activity that might point to a hacked router. The FBI wants to know the date, time, and location of any events, what kind of activity was seen, how many people or devices were involved, and who to contact at your organization. Reports can be sent to your local FBI field office.

For more information on the exploit, check out the full press release here.
