Kaspersky warns about router security precautions

According to a recent study, 73% of users have never thought about upgrading or securing their router, making it one of the biggest threats currently affecting the Internet of Things (IoT). This type of threat, originating from vulnerable routers, affects both families and organizations, extending beyond email security vulnerabilities to physical home security. For this reason, Kaspersky experts explain what router vulnerabilities can represent and how users can protect themselves.

Through the infected router, the cybercriminal can redirect users to phishing pages disguised as webmail pages or online banking sites – often used for these purposes. All the data entered on these pages, whether it is the identifier and the password of the email or the coordinates of the bank card, will immediately fall into fraudulent hands.

Since 2010, the number of vulnerabilities found in routers has steadily increased around the world. In 2020, this overall increase was 603, about 3 times more than the previous year, according to CVE. In 2021, the number of vulnerabilities discovered remained almost as high at 506. Of all the vulnerabilities discovered in the past year, 87 of them were critical. These vulnerabilities allow the cybercriminal to bypass authentication and send remote commands to a router, causing the theft of data transmitted over an infected network, whether it is your personal photos, private information or even commercial contracts sent by e-mail.

Although researchers pay more attention to the vulnerabilities they find, routers are still one of the least secure devices. One of the reasons for this is that not all manufacturers care about protecting these devices. Nearly a third of critical vulnerabilities discovered in 2021 remain unpatched: no rating or recommendation has been issued. 26% of these vulnerabilities received only one comment from the company, which most of the time asks the user to contact technical support.

Worse, consumers and small businesses don’t have the knowledge or resources to identify or understand a threat before it’s too late. Proof of this is that more than 73% of users have never thought of updating or securing their router. When routers used in environments with large data storage, such as hospitals or government offices, are hacked, they become a major threat as data leaks could seriously impact thousands of people.

“Network devices and their security are always forgotten because they run continuously, only being called back when something goes wrong. Many people have been working from home for a few years, but router security hasn’t improved over that time – these are devices that are rarely updated.

Therefore, the risk of these vulnerabilities being exploited by cybercriminals remains a concern in 2022. The important thing is to prevent the threat as soon as possible, because people usually discover such an attack when it is too late – after the sale basically of the device, its DNS settings were changed, money and data were stolen from the victims,” comments Fabio Assolini, Director of Research and Analytics Team for Latin America at Kaspersky .

To protect your router against cybercriminal attacks, Kaspersky recommends:
Buying second-hand smart devices is a dangerous practice. Your firmware might have been modified by someone to give access to a criminal who is controlling your smart home remotely.

Don’t forget to change the default password. Choose a complex password and update it regularly.

Do not share serial numbers, IP addresses or other sensitive information about your smart devices on social media.

Prefer encryption – it is the safest for data transfer.

Disable remote access in the router settings. If remote access is still required, it should be disabled when not in use.

After choosing a particular brand of router, be sure to keep an eye out for firmware updates and newly discovered vulnerabilities.

Consider installing a special security solution that can help protect your home network and all connected devices.

Read the full router security report on Securelist.

cybercriminals

Fabio Assolini

Internet of Things (IoT)

Kaspersky

Phishing

router security

You might also like

Leave a Comment