What do you do once you buy a broadband connection from a good internet service provider? First things first, you install an antivirus to protect your desktop or laptop from viruses. After that, you need to scan your PC for viruses weekly, update your programs and systems promptly, and use strong passcodes. Yet, for some reason or other, your internet may slow down, and a few sites might deny access. Wondering why? The cause may be malware not on your desktop but in your router. Read on to learn about the hidden malware threats in your Wi-Fi router.
The main question you may have here is, why routers?
Cybercriminals tend to focus on routers for two major reasons. Firstly, all the network traffic travels via this device, and secondly, you cannot scan the router using a regular antivirus. So, malware in your router gets several opportunities to attack and has little chance of being detected. Discussed here are a few things that cybercriminals can do using an infected router.
Form a botnet
An infected Wi-Fi router can be connected to a botnet, i.e., a network of devices that sends multiple requests to a specific site as part of a DDoS attack. This may be a dangerous scenario for your device and the information stored on it. The main aim of the attackers here is to overload the targeted service to the extent that it steadily slows down and ultimately fails. As per the data, routers in the year 2021 were attacked by two dangerous malware families, Meris and Mirai, with the latter leading by a massive margin.
Mirai
This is a notorious piece of malware with a sweet name, which means ‘future’ in Japanese. This virus has been active since 2016. Apart from routers, it is also known to aggressively infect smart TVs, IP cameras, and other IoT devices, like wireless controllers and digital advertising displays. This virus was initially conceived to hit Minecraft servers with large-scale DDoS attacks. It was later found to infect other devices too. The malware’s source code was leaked online years back and is now the basis for new variants.
Meris
In Latvian, Meris means a plague. It has already impacted thousands of high-performance devices, generally MikroTik routers. For example, in the course of an attack on a US financial company in the year 2021, the requests coming from the network infected with Meris numbered nearly 17.20 million per second. After a few months, the botnet attacked Russian financials, recording an uptick of 21.80 million per second.
Steal data
A few kinds of router-infecting malware can do more serious damage, like stealing your personal data and information. When you are online, you tend to send and receive crucial information and personal payment data, and share documents, credentials, etc., via mail, social networks, and other channels. All this information, along with other network traffic, passes through the router installed in your home, which, in most cases, is installed by your internet service provider. During an attack, the data and information can simply be intercepted by the malware and fall into the hands of cybercriminals. One such data-stealing piece of malware is VPNFilter. Just by infecting servers and routers, it may gain the ability to accumulate information and disable or control the router.
Spoof sites
Malware lodged in the router may redirect you to a webpage with multiple ads or to malicious websites instead of routing you to the site you want to visit. You may think you are accessing a legitimate website. However, you are caught in a cybercrook's trap.
Here is how it normally works: when you enter a site’s URL in your browser, your smartphone or desktop sends a request to a DNS server, where all the IP addresses, as well as their corresponding URLs, are present. If your router is infected, then instead of taking you through that DNS server, it sends the request to an unscrupulous server that responds to the query with the IP details of a different website. This is an act of phishing.
The Switcher Trojan did precisely this, i.e., it infiltrated the settings of the router and pointed them to a malicious server. Naturally, all the information you enter on the fake webpage is leaked to the attacker.
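A defender-side check for the settings change described above, as an added example that is not part of the original article: it lists the DNS servers a device was handed and flags any that are neither the router nor a resolver you chose. The trusted list, the router address and the sample file content are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers you chose on purpose (ISP or public service).
# Constructed sample values; replace them with your own.
TRUSTED = {"1.1.1.1", "9.9.9.9"}
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_conf_text):
    """Extract 'nameserver <ip>' entries from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(address, router_ip, trusted=TRUSTED):
    """Return a verdict for one configured DNS server address."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) == router_ip:
        return "router"  # router forwards DNS: audit its upstream list too
    if str(ip) in trusted:
        return "trusted"
    if ip.is_loopback:
        return "local-stub"  # caching stub resolver on this machine
    if any(ip in net for net in LAN_RANGES):
        return "unexpected-lan"  # another LAN host is answering DNS
    return "unexpected-public"  # resolver nobody chose: possible hijack

def audit(addresses, router_ip, trusted=TRUSTED):
    """Return (address, verdict) pairs that need a human look."""
    accepted = {"router", "trusted", "local-stub"}
    verdicts = [(a, classify(a, router_ip, trusted)) for a in addresses]
    return [v for v in verdicts if v[1] not in accepted]

# Constructed sample; 203.0.113.53 is a documentation address used as the rogue.
SAMPLE_RESOLV_CONF = """\
# written by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 1.1.1.1
"""

if __name__ == "__main__":
    print(audit(parse_nameservers(SAMPLE_RESOLV_CONF), "192.168.1.1"))
```

When the only resolver listed is the router itself, pass the upstream DNS servers shown on the router's settings page to `audit()` instead, since that is where a changed value would sit.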
What are the ways in which malware can enter your router?
There are two significant ways in which malware may enter your router: by guessing your admin passcode or by exploiting vulnerabilities in your device.
Passcode guessing
All routers of a similar model may have similar admin passcodes set in their factory settings. Do not confuse this with your network security key (i.e., the passcode you input to connect to your Wi-Fi). The admin passcode is used to gain access to your router’s settings menu. If you do not change the factory settings, attackers who are aware of the router you are using may guess your passcode and infect the router with malware.
Currently, however, a few manufacturers have begun to take security very seriously and assign random passcodes to every device. But note that guessing the correct passcode combination for older router models is still child’s play.
Vulnerability exploitation
A vulnerability in the router, your gateway to the internet, is an opening via which all threats may stroll into your public or home network or sit in your router, where detection is nearly impossible. The Meris botnet does this. It exploits unpatched vulnerabilities in MikroTik routers.
As per Kaspersky’s research, over a hundred vulnerabilities have been discovered in routers in the last two years. To secure all the weak spots, router vendors tend to release patches and new firmware versions. Unfortunately, many users are unaware of the fact that router software must be updated, like any other software or program.
How can you protect your network?
If you are looking to secure your public or home router and keep your personal data safe, follow the points listed here:
∙ At least once a month, review the manufacturer’s website for the latest router updates. Install them at the earliest. For some router models, patches may arrive automatically, and for others, you may need to install them manually.
∙ Set a strong and long admin passcode for your Wi-Fi router.
∙ Use a VPN app that encrypts all the outbound information before passing it to the router, keeping it safe from cybercrime.