On Monday, April 16, in a rare joint announcement, the United States and British governments issued a warning regarding a coordinated, state-sponsored campaign to infiltrate internet routers in preparation for future malicious attacks. In this announcement, the United States Department of Homeland Security (“DHS”), the Federal Bureau of Investigation (“FBI”) and the United Kingdom’s National Cyber Security Center (“NCSC”) issued a strongly worded and detailed warning regarding network infrastructure devices.
In their announcement, the agencies warned that foreign actors endeavor to compromise millions of routers and other network infrastructure that they may exploit for future cyberattacks. These hackers are targeting the private sector, governments, and critical infrastructure, as well as the internet service providers that provide support to each of these sectors. These actors are attacking devices globally, including routers, firewalls, and switches. The announcement alerts readers that state-sponsored actors are actively looking for vulnerabilities on routers and firewalls, ranging from the simple routers used in individuals’ homes and in small businesses to major companies’ private network equipment. The purpose of these attacks, per the FBI, is to support espionage activities, extract sensitive data, and maintain continued access to networks in order to establish an infrastructure from which they can conduct future, large-scale intrusions.
In this joint announcement, the agencies indicate that they have received a number of reports from other nations, and private and public sector companies in both the United States and United Kingdom, of malicious cyber activity. The agencies provide urgent recommendations and tactics for companies, internet service providers, device vendors and government organizations to undertake in order to mitigate the risk of cyber threats, as well as tactics to observe unusual activity that signals that an attack has occurred.
The agencies warned readers to update their devices, including by changing entry requirements (such as passwords) from the factory settings. Hackers frequently scan the web for devices with vulnerabilities, and most often are able to initiate cyber intrusions by entering routers whose default passwords were never changed from the factory settings. The announcement strongly urges readers to change the factory-issued usernames and passwords of routers and other devices immediately upon receipt, and urges companies to utilize stronger security measures in setting up internal and external-facing technological infrastructures.
Router attacks have the potential to cause greater damage because these devices are often treated with a lesser level of security than other internet security devices. The announcement also urges manufacturers to implement measures that would enhance security, such as automatically prompting users to immediately change default settings.