In October 2016, criminals launched a distributed denial-of-service (DDoS) attack against Dyn's managed DNS infrastructure.
The assault messed with how the internet translates domains like the human-friendly www.grahamcluley.com into their actual numeric web addresses. As a result, Twitter, Spotify, and many other websites we know and love on the internet went down for several hours.
Dyn's researchers revealed that 100,000 Internet of Things (IoT) devices infected with the Mirai malware had constituted the bulk of the campaign's attack traffic. Lots of smart devices had snagged a piece of the pie, including baby monitors, cameras, and home routers.
Sigh... this isn't the first time a botnet has leveraged infected home routers to conduct attack campaigns. With that being said, I think all of us in security agree on one thing: it's time we put a stop to online criminals hijacking our routers for nefarious ends.
How? By learning what we can do to secure our routers and our Wi-Fi networks.
Common attacks against a router
Before we dive into how we can protect our home networks, it's important that we first understand some of the most common attacks that threaten our routers. These are as follows:
- DDoS Campaigns: Routers and DDoS attacks have a multifaceted relationship. On the one hand, infected routers make for dutiful bots such as those employed by Mirai to target Dyn. On the other hand, actors can launch their own attacks against a router. If the traffic is sufficiently large, they can overpower the device's resources and thereby slow down the network.
- Brute Force: An attacker attempts to gain unauthorized access to a router by guessing its username and password. This effort takes no time if the device still uses the default credentials with which it originally shipped out to retailers.
- Packet Mistreating Attacks: Some actor abuses a vulnerability in the router to inject it with malicious code that prevents the device from handling its routing process correctly. As a result, the router can't process data packets, which causes denial of service conditions and network congestion.
The fun for an attacker need not stop with one of the scenarios above, either.
After successfully conducting a brute force campaign, for example, a nefarious individual can then conduct secondary attacks such as DNS hijacking, a method which points a router to a rogue server controlled by the attackers that can trick users into inadvertently visiting malicious websites.
The basics of network protection
Now that we know what types of attacks threaten our routers, we can now learn more about how to protect them. Here are the basics:
- Don't use a router supplied by your ISP: These devices are often less secure than commercially available routers. For instance, many of them enable remote support via the use of hardcoded credentials that are impossible to change. Depending on the vendor, they also might not receive patches on a regular basis.
- Change the default admin login credentials: Mirai and botnets like it work by scanning IoT products for default login credentials. If they find what they're looking for, the malware logs in and enlists the devices into their botnet. Don't let this happen! Set a unique username with a strong password. It's that simple.
- Choose a strong Wi-Fi password: Why stop there? When you set up your Wi-Fi network, make sure you set a strong password to deter remote attackers. It would be a good idea to couple that password with the use of WPA2 as your router's security protocol.
- Update your router's firmware on a regular basis: Once the credentials for your router and network are set, make sure you register your product so that you can receive firmware updates whenever they're released. You can and should implement those security fixes from the router's web interface.
- Be careful when logging into the router's web interface: Whenever you access the router from the web, make sure you do so in private mode so that the browser doesn't save any cookies. Also, make sure the browser doesn't save your router's username and password. You don't want those bits of information inadvertently falling into the wrong hands should someone obtain access to your computer!
- Don't enable services you don't need: Telnet, SSH, UPnP... few people need those services, but plenty activate them anyway. Don't be one of those people! There's no reason to expose yourself to additional risk if you have no use for those services.
More for next time...
We're just getting started with our tips for how to protect your router and home network. Want to get a little more complex? Read some advanced security tips and recommendations.