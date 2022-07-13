The mass adoption of home office and hybrid work regimes has led to a record in locating security holes in home and industrial routers. Between 2020 and 2021, a total of 527 vulnerabilities were found on these devices, with 87 of them critical and appearing in the last year alone.

The numbers were released by security firm Kaspersky and come in a dangerous contrast. While 2021 was the year with the highest number of openings, 321 and above the old record of 206, in 2020, 73% of users still don’t think about updating or securing their routers. This makes devices, among all devices in the Internet of Things segment, the most targeted by criminals.

This lack of response also appears with manufacturers, with the company’s report noting that only 26% of critical vulnerabilities received mitigation guides by those responsible. In some cases mentioned, such attitude was not accompanied by defense indications or updates, being mere suggestions for users to seek support to obtain more information about the case, while the breach, theoretically, remains open.

In an environment where corporate networks and personal data are accessed from such devices, what we have is a dangerous scenario, especially in the face of growth that, although considerable in the last two years, is consistent from 2010 onwards. Between the lack of knowledge and interest, a golden opportunity for digital cybercriminals is emerging.

“Network devices and their security are always forgotten, as they work continuously, being remembered only when there is a problem”, comments Kaspersky Director of Research and Analysis Team for Latin America. “Router security has not improved over the years. and the risk of vulnerabilities being exploited remains a concern. The important thing is to prevent the threat as early as possible, as people often discover such an attack when it is too late.”

Assolini gives some examples, such as manipulating DNS settings to redirect users to fraudulent websites, intercepting personal data and banking information, or using devices in denial-of-service attacks. Common results are file leakage or intrusion into corporate networks, leading to ransomware scams and other types of attacks. Multiply that to countless powers when we talk about devices installed in hospitals, government agencies or large companies.

How to protect the router from attacks?

Keeping devices up to date and protected is the first step to ensuring that any security vulnerabilities are not taken advantage of by crooks. Access the device’s control panel and look for information about updates, which are usually made directly or from the manufacturers’ official websites. Never download custom firmware or from third-party websites, as they can also be contaminated.

Still in this access, it is important to protect the router with secure passwords, instead of the factory ones with which such devices are normally configured. Such information is widely known and can also be used by bandits in compromises; the preference is for complex and unique combinations that cannot be easily discovered.

More advanced tips also involve disabling remote access to the router or setting periods of inactivity if this feature is needed. In addition, it is important to consider the implementation of software or security solutions that also protect connected devices, as well as including them in connection monitoring tasks so that any suspicious activity can be detected more quickly.

Source: Kaspersky