U.S. And UK Regulators Warn That Foreign Actors Will Exploit Routers For Future Cyberattacks

King & Spalding

On Monday, April 16, in a rare, joint announcement, the United States and British governments issued a warning regarding a state-sponsored coordinated campaign to infiltrate internet routers in preparation for future malicious attacks. In this announcement, the United States Department of Homeland Security (“DHS”), the Federal Bureau of Investigation (“FBI”) and the United Kingdom’s National Cyber Security Center (“NCSC”), issued a strongly worded and detailed warning regarding network infrastructure devices.

In its announcement, the agencies warned that foreign actors endeavor to compromise millions of routers and other network infrastructure that they may exploit for future cyberattacks. These hackers are targeting the private sector, governments, and critical infrastructure, as well as the internet service providers that provide support to each of these sectors. These actors are attacking devices globally, including routers, firewalls, and switches. The announcement alerts readers that state-sponsored actors are actively looking for vulnerabilities on routers and firewalls, ranging from the simple routers used in individuals’ homes and in small businesses, to major companies’ private network equipment. The purpose of these attacks, per the FBI, is to support espionage activities, extract sensitive data, and maintain continued access to networks in order to establish an infrastructure from which they can conduct future, large-scale intrusions.

In this joint announcement, the agencies indicate that they have received a number of reports from other nations, and private and public sector companies in both the United States and United Kingdom, of malicious cyber activity. The agencies provide urgent recommendations and tactics for companies, internet service providers, device vendors and government organizations to undertake in order to mitigate the risk of cyber threats, as well as tactics to observe unusual activity that signals that an attack has occurred.

The agencies warned readers to update their devices, including by changing entry requirements (such as passwords) from the factory settings. Hackers frequently scan the web for devices with vulnerabilities, and most often are able to initiate cyber intrusions by entering routers whose default passwords were never changed from the factory settings. This announcement strongly urges readers to immediately change factory issued usernames and passwords of routers and other devices, immediately upon receipt, and urges companies to utilize stronger security measures in setting up internal and external facing technological infrastructures.

There is the potential for greater damage resulting from router attacks, because these devices are often treated with a lesser level of security than other internet security devices. The announcement also urges manufacturers to implement measures that would enhance security, such as automatically prompting users to immediately change default settings.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.