
Cyberattacks against industrial and business routers

Cyberattacks against routers are particularly sensitive in the industrial environment

Cyberattacks against routers pose a dangerous threat to companies in the industrial sector where IIoT devices and ICS systems are used

At the end of 2024, it was made public that the US Departments of Commerce, Defense and Justice are considering banning the marketing in the country of routers from TP-Link. This Chinese company controls around 65% of the market for routers used in homes and SMEs. Why? The manufacturer is considered to be failing to address the security vulnerabilities of its products adequately. On top of this, malicious campaigns orchestrated by Chinese criminal groups have been detected, compromising network devices manufactured by TP-Link.

This news has once again put the spotlight on cyberattacks against industrial, business and home routers: a threat that often goes unnoticed but can jeopardize the business continuity of companies, facilitate espionage and the theft of corporate information, and cause substantial economic losses by leaving companies and their IoT devices disconnected.

Furthermore, it is important to point out that cyberattacks against routers are not only directed against general-purpose, low-priced devices such as those marketed by TP-Link but also against routers used in technologically advanced industries such as energy or telecommunications.

Along the same lines, just a few days ago Moxa, a supplier of network devices used in environments with industrial control systems, warned that two vulnerabilities present in its routers would allow remote attackers to gain administrator privileges on the devices and execute malicious code. To address these vulnerabilities, the manufacturer released a security patch that companies using the affected devices needed to install.

1. Not implementing security patches puts routers at risk from known vulnerabilities

Continuously updating devices to ensure that all security patches are implemented is key to preventing cyberattacks against routers.

In fact, during October and November 2024, two botnets actively exploited vulnerabilities affecting routers made by the company D-Link. Was this possible because these were unknown vulnerabilities? No. The exploited vulnerabilities had been discovered years ago. However, the devices attacked were outdated and the security patches developed by the manufacturer had not been implemented.

In this way, malicious actors were able to remotely control the attacked devices, deploy malware on corporate systems and launch distributed denial of service attacks.

A recent study emphasizes that leaving routers outdated is a common bad practice: 9 out of 10 respondents said they had not updated their router’s firmware. Although it can be assumed that this figure is significantly lower in the business world, it is evidence that there is still a long way to go before this very basic and essential task is internalized.

Routers are very sensitive business assets

2. The dangerous practice of using default credentials for administrator accounts

Likewise, the study reveals another worrying fact that facilitates cyberattacks against business and home routers: 86% of the users surveyed have not changed the default administrator credentials of their devices, making it easier for malicious actors to compromise the devices and launch attacks against routers and the companies that use them.

How can such negligent practices persist? Routers are a key element of any corporate network and, therefore, critical to the productive fabric at a time when digitization reaches every business area.

Routers are even more relevant for industries that rely on ICS (Industrial Control System) systems and IIoT (Industrial Internet of Things) devices in their operations, since those systems and devices need to be connected to the Internet in order to function.

Despite their criticality for business continuity, some organizations do not pay due attention to them when designing their cybersecurity strategies and focus solely on elements of their digital infrastructure, such as employee equipment or business software.

3. The exploitation of zero-day vulnerabilities puts companies in check

Are companies that implement good cybersecurity practices to strengthen device security safe from cyberattacks against routers? Unfortunately not. One of the most worrying trends in cybersecurity is the rise of zero-day cyberattacks. That is to say, malicious campaigns that exploit vulnerabilities that are not yet known and for which there are still no security patches.

For example, in recent days, it was made public that a new botnet of the Mirai family, a malware infamous for DDoS attacks, had exploited a zero-day vulnerability present in industrial routers from Four-Faith to launch distributed denial of service attacks.

This botnet, homophobically named Gayfemboy, also attacked routers and IoT devices from other manufacturers such as Huawei, ASUS and LB-Link, taking advantage of zero-day vulnerabilities or recently published weaknesses. Its attacks spread across industries in China, the United States, Germany and the United Kingdom.

Cyberattacks against routers threaten the business continuity of thousands of companies

4. DDoS attacks to paralyze the activity of industries and companies

The case we have just detailed is not an exception. Many of the malicious actors who launch cyberattacks against routers of industries and companies seek to provoke DDoS attacks and paralyze their operations by overloading the routers.

In fact, a few days before the turn of the year, router manufacturer SHARP reported up to five vulnerabilities affecting several of its devices. These vulnerabilities would allow malicious actors to:

  • Execute arbitrary code.
  • Access sensitive information.
  • Block routers through DDoS attacks.

Impairing business continuity in any industry can cause millions in economic damage to companies, making cyberattacks against routers an especially worrying threat to organizations in the industrial sector that use IIoT devices and ICS systems.

Even more serious are cyberattacks against critical infrastructures such as those managed by energy or water companies. The paralysis of activities can affect hundreds of thousands of citizens and companies and even pose a risk to people’s health and well-being.

5. Key cybersecurity services to prevent cyberattacks against routers

What can companies in the industrial sector and the rest of the productive fabric do? First of all, they can implement good cybersecurity practices such as modifying administrator credentials and the default settings of routers, controlling which users access them and keeping them permanently updated. But, in addition, companies have at their disposal various key cybersecurity services when it comes to preventing cyberattacks against routers and corporate networks.

5.1. Security audits and DoS tests

  1. Security audits to detect problems in routers and IoT devices and propose solutions to remedy them before they are successfully exploited.
  2. Penetration testing services to evaluate the security of corporate networks, identify exploitable vulnerabilities and analyze the possibility of malicious actors persisting in company systems in order to achieve their objectives.
  3. Vulnerability management. To avoid cyberattacks against routers, it is critical to carry out comprehensive vulnerability management that covers the entire technological infrastructure of companies and allows for the control of known vulnerabilities and prioritization of their mitigation.
  4. Detection of emerging vulnerabilities. The cyberattacks against routers reported in recent months show how significant the exploitation of zero-day vulnerabilities in these devices has become. For this reason, it is essential to have a team in place to detect emerging vulnerabilities in order to mitigate weaknesses as quickly as possible and prevent them from being exploited.
  5. DoS Test. Distributed denial of service or load tests against systems and devices exposed to the Internet make it possible to simulate DDoS attacks in controlled environments, confirm their resilience and verify whether there are vulnerabilities that could facilitate this kind of attack.
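The hygiene measures named above (replacing default administrator credentials, restricting who can reach the management interface, keeping firmware current) and the prioritization step of vulnerability management lend themselves to a simple inventory audit. The script below is an added example written for this article, not a tool from any of the manufacturers or services it mentions: it runs three checks over a constructed router inventory and ranks the findings, weighting routers that sit in front of ICS/IIoT segments higher. The vendor names, models, firmware versions and host names are all made up, and the "latest firmware" table stands in for what a real audit would maintain from the manufacturers' advisories.

```python
from __future__ import annotations

from dataclasses import dataclass


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.10.0' into (1, 10, 0) so releases compare numerically.

    A plain string comparison ranks '1.9.0' above '1.10.0' and would hide
    a missing update, which is exactly the gap this audit exists to catch.
    """
    return tuple(int(part) for part in version.strip().lstrip("vV").split("."))


@dataclass
class Router:
    name: str
    vendor: str
    model: str
    firmware: str
    default_creds_changed: bool   # has the factory admin password been replaced?
    admin_wan_exposed: bool       # is the management interface reachable from the Internet?
    role: str                     # "ics" if it fronts an ICS/IIoT segment, else "office"


@dataclass
class Finding:
    router: str
    issue: str
    severity: int   # higher means fix first
    action: str


# Constructed table of current vendor releases (hypothetical vendors and models);
# in a real audit this is maintained from the manufacturers' security advisories.
LATEST_FIRMWARE = {
    ("AcmeNet", "IR-50"): "1.10.0",
    ("AcmeNet", "R100"): "2.4.1",
    ("ExampleCo", "E7"): "3.0.2",
}


def audit_router(router: Router, latest: dict = LATEST_FIRMWARE) -> list[Finding]:
    """Apply the three hygiene checks from the article to one router."""
    findings: list[Finding] = []
    # An outage on a router in front of ICS/IIoT equipment halts production,
    # so every finding there is ranked one step higher.
    bump = 1 if router.role == "ics" else 0

    if not router.default_creds_changed and router.admin_wan_exposed:
        # Both gaps together: the device is reachable by anyone who has read the manual.
        findings.append(Finding(router.name,
                                "admin interface on the Internet with unchanged default credentials",
                                5 + bump,
                                "take management off the WAN now, then set a unique admin password"))
    else:
        if not router.default_creds_changed:
            findings.append(Finding(router.name, "default administrator credentials unchanged",
                                    4 + bump, "set a unique admin password and remove unused accounts"))
        if router.admin_wan_exposed:
            findings.append(Finding(router.name, "administration interface reachable from the Internet",
                                    3 + bump, "restrict management to the internal network or a VPN"))

    current = latest.get((router.vendor, router.model))
    if current is not None and parse_version(router.firmware) < parse_version(current):
        findings.append(Finding(router.name,
                                f"firmware {router.firmware} behind vendor release {current}",
                                3 + bump, "schedule the firmware update in the next maintenance window"))
    return findings


def audit_inventory(routers: list[Router]) -> list[Finding]:
    """Audit every router and return the findings most urgent first."""
    findings = [f for r in routers for f in audit_router(r)]
    return sorted(findings, key=lambda f: (-f.severity, f.router))


def report(findings: list[Finding]) -> list[str]:
    """One line per finding, ready to print or paste into a ticket."""
    return [f"[{f.severity}] {f.router}: {f.issue} -> {f.action}" for f in findings]


# Constructed sample inventory; names, vendors and versions are made up.
SAMPLE_INVENTORY = [
    Router("plant-edge-1", "AcmeNet", "IR-50", "1.9.0", False, True, "ics"),
    Router("office-gw", "AcmeNet", "R100", "2.4.1", True, False, "office"),
    Router("branch-gw", "ExampleCo", "E7", "2.9.9", True, True, "office"),
]

if __name__ == "__main__":
    for line in report(audit_inventory(SAMPLE_INVENTORY)):
        print(line)
```

On the sample inventory the ICS-facing router with both an exposed management interface and factory credentials lands at the top of the list, ahead of its own missing firmware update and ahead of the office router that only has the exposure problem. The version parser matters more than it looks: the plant router runs 1.9.0 against a vendor release of 1.10.0, and a string comparison would have reported it as up to date.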

In short, cyberattacks against industrial routers are on the increase and pose a significant threat to companies and their operations. For this reason, it is essential to use cybersecurity services that increase the level of resilience of devices that are essential for connecting the technological infrastructure of companies.