Is it time to restart your router?
No less an authority than the Federal Bureau of Investigation (FBI) strongly recommends you do. The law enforcement agency announced Friday that Russian hackers have infected hundreds of thousands of American internet routers, both personal and enterprise-level. Altogether these infected routers create a malware network that can, according to a public service announcement, inflict “information collection, device exploitation, and blocking network traffic” on a mass scale.
The FBI claims that the well-known Russian hacking group Fancy Bear, which has long been alleged to have ties to Russian intelligence agencies, is responsible for the wave of attacks. The same group was connected to the 2016 DNC hack.
The FBI estimates that 500,000 routers in 54 countries were infected. The most prominent router manufacturers all had their products affected by the rogue network. The malware has proven hard to detect due to encryption tactics; fortunately, the FBI has seized control of a Fancy Bear-controlled domain forming a crucial part of the malware “command-and-control infrastructure.”
Enterprise Takeaways: What Can We Do?
Does your enterprise have reason to fear this Russian malware network? There’s a high probability the answer is yes. The good news is that the majority of the advice the FBI provides to help disrupt and disable this malware network is actually enterprise network security best practice. In other words, these are actions and procedures your IT security team should already be following on a consistent basis.
So if you haven’t already, you should take the following steps to secure your IT environment from both Russian hackers and more local threats:
Restart Your Router
First things first: The FBI says you must restart your router immediately. Rebooting it will help determine whether your network has been infected. If it has, restarting your router will disrupt and remove a layer of the malware. Whatever malware is still on your router will then call out to the malicious domain for instructions, and since the FBI has taken that domain over, no instructions will be sent.
To restart your router, simply turn it off and turn it back on again. Yes, once in a rare while, it truly is that simple.
Disable Remote Management Settings
Having remote management settings enabled on your router can be extremely helpful in a decentralized IT environment; enterprises embracing cloud adoption and digital transformation will find it especially helpful.
However, those remote controls can easily be ceded, maliciously and surreptitiously, to hackers via the malware network. With this access, they can more easily download and conceal malware on your router and create future disruptions and leaks. For the time being, it is best to shut that access off until you can evaluate its safety. It is also an opportunity to confirm that such access is in the right hands within your enterprise.
Use Stronger Passwords
We’ve spoken before about our dissatisfaction with passwords, and while we stand by those past statements, we also acknowledge that part of the problem with passwords is that they are often easily guessed or cracked: password1234 isn’t going to cut it in the modern digital age. Your router should be protected by a sophisticated and distinct password so that only those with the right credentials can access it.
At the same time, make sure that your employees are following password best practices in general: doing so can save your router and your enterprise in the long term by denying hackers access.
Download Firmware Updates
Your endpoints, routers, and network should be consistently updated as soon as an update is available—always, always, always. We know it is inconvenient, but only by doing so do you ensure that the latest security protocols are installed throughout your IT environment. Your IT security team should be monitoring for new updates and making sure they are deployed consistently throughout your enterprise.
So yes, restart your router—and take those extra steps to keep your router and endpoints secure.