Securing Your Routers Against Mirai and Other Home Network Attacks

View Securing Home Routers: Understanding Attacks and Defense Strategies

Do you know if your router has turned into a zombie? It could be part of a botnet responsible for the DDoS attacks that have been taking down company websites.

Last year, the Mirai botnet launched massive and widespread attacks by leveraging vulnerable connected devices (including routers, CCTV cameras, DVRs etc.) and turning them into weaponized zombies. Dyn servers were hit, with notable sites like Twitter, Airbnb, and Netflix badly affected.  Mirai, whose source code was leaked last September, has since gained worldwide attention and has also played a significant role in proving the real-world impact of threats against IoT devices.

While attacks from the Mirai botnet are hard to spot in your own home network—since its effects are minimal on your bandwidth resources—the implications of such attacks to affected organizations and companies are serious. Affected enterprises would have to deal with business disruptions, possible monetary loss, and even damaged brand reputations. But whether the final targets of such attacks are large organizations, the bottom line is that this kind of threat allows bad guys to use your routers—your own private property—in their cybercriminal activities without your knowledge. You can prevent that from happening by securing your home’s gateway, your router.

[Read: How to mitigate attacks that can turn home routers into Zombies]

Think of your routers as a doorway to your home.  The information from all the connected devices pass through your routers and then to the internet. Similarly, inbound data also go through the router and then back to your device again. There are also some router models that have various features such as telephony services, media server, wireless access points etc.  They are comprised of an operating system (OS), hardware, and web applications.

How vulnerable is your router?

Many risks arise from when people setup their routers without considering their own security.  Here are some common security gaps found in typical home routers:

• Unsecure configuration

Routers often come with predefined list of credentials (usernames and passwords) that enable cybercriminals to bypass security. Several router brands have built-in backdoors, which can be tapped by attackers to take control of the router’s settings or to redirect users to malicious websites.  Affected users can suffer from the effects of information or even identity theft.   

It is highly recommended for users to change the  router’s default credentials to add a layer of security. Routers that have built-in security features—like web threat protection and the ability to detect malicious network traffic—can be protected against backdoors and other malware.

• Security flaws as the entry point to your home network

Like any hardware, routers also have vulnerabilities that can introduce malware to your home network. To exploit such vulnerabilities, cybercriminals can simply use a tool that can search for vulnerable routers and then refer to its database of publicly known vulnerabilities.

These security flaws, when exploited, can put confidential information in the wrong hands and allow attackers to launch denial of service (DoS) attacks, prevent users from using the internet, and change the DNS server settings. For small and medium-sized businesses (SMBs), this could result to productivity and profit loss as well as business disruptions. To mitigate these risks, users should keep the router firmware updated with the latest patches.

• Post-compromise threats

Once your home network gets compromised, it becomes prone to DNS-changing malware and botnets among other threats. Another risk you need to consider is VoIP fraud, which occurs when attackers use the telephony service and conduct unauthorized calls to other countries, leaving you with exorbitant charges.

Why are your routers a big target for cybercrime?

Selling your information is just one of the means for cybercriminals to generate profit. Other ways include monetizing and offering DDoS services and botnet rentals in underground markets. To illustrate this, renting 100 bots in the Chinese underground is pegged at US$24 in 2015; in the French underground last year, botnet rental of 100-150 bots per day is at €95 (or US$102.19).

[Visit: The Deep Web Threat Intelligence Center]

How can you secure your router?

Users need to protect routers to help stop cybercriminals from using these devices for malicious means and to minimize the other risks we highlighted in this article. The first step to securing your gateway to the internet begins by choosing a reliable and secure router. For starters, this means never purchasing used ones. It is also recommended to opt for routers that have a security solution embedded in them.

Recently, Trend Micro partnered with ASUS to better protect users from IoT-related threats like Mirai.  ASUS wireless home routers are now pre-installed with the Trend Micro™ Smart Home Network solution, which has web protection and deep packet inspection capabilities.

For a more secure home, users can also take advantage of the Trend Micro Home Network Security solution that provides additional protection against cyberthreats to connected smart devices inside a household.

To know more on how cybercriminals abuse routers and how home users and SMBs can protect themselves, check out our comprehensive guide, Securing Your Home Routers: Understanding Attacks and Defense Strategies.