Did you hear about the hackers that hijacked more than 300,000 wireless routers?
Four words for those of you expecting a punch line: Don’t hold your breath. This months-in-the-making story made headlines on March 3, and it was no joke. Rather, it was a massive pharming attack that took control of small office/home office (SOHO) routers, or access points – the actual hardware that enables mobile devices to connect to the wireless network.
The attack itself wasn’t new; it involved overwriting the routers’ Domain Name System (DNS) settings, enabling cybercriminals to send web traffic where they wish. The size and scope of the campaign, however, ranked among the largest to date.
Discovered by Florida-based IT security research firm Team Cymru, the hack mostly affected routers in Europe and Asia. According to this article by BBC News:
“Once routers were taken over, internal instructions were changed so they no longer asked servers at their owner’s ISP (Internet service provider) for help looking up the location of websites they regularly visit.
“This would mean that the attackers could re-direct people to anywhere they wanted, inject their own (advertisements) into web pages people visit or poison the search results they get.”
Why the hackers hijacked so many routers was unknown in the hours after the news broke (though the BBC reported that malicious activity was not detected). How they struck is perhaps the more alarming matter as it relates to this story and wireless security moving forward: The attack didn’t target any single piece of equipment. Various router models – made by multiple manufacturers – were compromised.
This development represents a shift in the way cybercriminals are manipulating technology. Rather than focus on exploiting end points such as smartphones, tablets and laptops, hackers are setting their sights on access points, or gateways, to the Internet. This strategic move should serve as a wake-up call for companies of all sizes, but especially small to mid-sized businesses.
In May of last year, the UK’s Federation of Small Businesses (FSB) released a report detailing the impact of cybersecurity and fraud on its members: 41% were cybercrime victims in the previous year, which represented an average annual loss of £4,000 ($6,000) per business. Among the FSB’s membership, 8% were victims of hacking and 5% suffered a security breach.
Clearly, “security by obscurity” is no longer a suitable defense. Cybercriminals thrive on the false sense of security that mantra instills. It’s critical that IT administrators understand the risks unsecure wireless networks pose, and take the necessary steps to avoid them.
One solution is to change the router’s default login settings.
“Routers are usually poorly configured and have vulnerabilities,” Craig Heffner, a wireless vulnerability researcher, told Forbes in 2010. “So the trick isn’t how to exploit the router. It’s how to get access to it.”
Of course, creating credentials with a bit of complexity is merely a starting point. There’s more to monitoring, managing and securing a wireless network. Implementing an easy-to-use solution that handles all three core responsibilities from a single web-based console – and offers compatibility with a wide range of hardware – is a smart strategy. It’s also a sound investment.