Over 600K Routers Were Hacked in Three Days Late Last Year. Here’s What Happened and How We Can Learn From It
More than 600,000 Internet routers belonging to a single ISP were taken offline over a three-day period in October.
Security analysts at Lumen Technologies’ Black Lotus Labs detailed the attack in research published Thursday. All of the routers were rented from one ISP and were rendered permanently inoperable, requiring hardware replacement. Almost half of all the company’s modems were suddenly disconnected from the network during those three days in October.
“The event was unprecedented due to the number of units affected – no attack that we can recall required the replacement of more than 600,000 devices,” the Lumen researchers wrote. “Furthermore, this type of attack has only occurred once before, with AcidRain being used as a precursor to an active military invasion.”
There are two unanswered questions in the report: Which ISP was attacked and who is responsible?
Which ISP’s routers were hacked?
Lumen’s report did not specify which ISP the routers belonged to. They traced the attack to two different brands of gateway devices, Sagemcom and ActionTec, which displayed a static red light. Users on public Internet forums described conversations with customer service in which they were told the entire device needed to be replaced.
When Lumen researchers cross-referenced these modem-router combo devices with the ISPs that use them, they found one particular provider with a 49% drop in the number of its devices connected to the Internet.
“A significant portion of this ISP’s service area covers rural or underserved communities,” the Lumen researchers said. “Places where residents may have lost access to emergency services, farming concerns may have lost critical information from remote monitoring of crops during harvest, and health care providers are cut off from telehealth or patient records.”
While the study declined to name the affected ISP, a Reuters report identified Windstream as the company in question, citing a comparison of descriptions of events in the Lumen report with Internet outages on the dates of the attack. A Windstream spokesperson declined CNET’s request for comment.
Who is responsible for the attack?
Lumen researchers concluded that “the event was likely an intentional action taken by an unattributed malicious cyber actor,” but did not speculate on who that actor might be.
“We currently have no overlap between this activity and any known clusters of nation-state activity,” the report said. “We assess with high confidence that the malicious firmware update is a deliberate act intended to cause disruption, and while we expected to see a number of router brands and models affected across the Internet, this event was limited to a single ASN.” ASN stands for autonomous system number, which is like an ISP’s social security number. What’s unique about this attack is that it was limited to a single ISP, not a specific router model or vulnerability.
The FBI did not immediately respond to CNET’s request for comment.
How to secure your router
“Destructive attacks of this nature are very concerning, especially in this case,” the Lumen researchers wrote. In addition to taking you offline for an extended period of time, Wi-Fi hacks can reveal personal information, install malware, or redirect your Internet traffic. Here are some practical tips to help you improve your network security:
- Create a unique password: This is the lowest of the low-hanging fruit when it comes to Wi-Fi security. Wi-Fi routers come with a default admin username and password, and forgetting to change those credentials is like leaving the front door wide open for hackers. Best practice is to change your password every six months or so and avoid easy-to-guess passwords or phrases such as names, birthdays, or phone numbers. Here’s how to access your router settings to update your Wi-Fi password.
- Turn on the firewall and Wi-Fi encryption: These are usually on by default, but it never hurts to double check that they are enabled. This will help prevent eavesdropping on the data sent between your router and the devices that connect to it. You can find these settings by logging into your router from its app or website.
- Upgrade to a WPA3 router: WPA3 is the most current security protocol for routers. That means it’s Wi-Fi Alliance certified with all the latest protections. If you buy a new router, it will almost certainly be WPA3, but some routers leased directly from ISPs may be older. The two specific gateway models listed in Lumen’s report, the ActionTec T3200s and ActionTec T3260s, are WPA2 certified, not WPA3. If you rent a WPA2 router from your provider, it’s worth calling them to negotiate for a newer model.