- An FBI report warns of attacks targeting obsolete routers
- Many models have known vulnerabilities and are no longer supported
- The FBI says hackers are assimilating the routers into two botnets
Cybercriminals are targeting old, obsolete routers that are no longer supported by their vendors, the FBI has warned.
The agency noted that hackers use known, unpatched vulnerabilities to deploy malware on such devices, assimilating them into botnets which are then used for attacks or rented out as proxy services to other criminals.
These devices are targeted for enrollment in the 5socks and Anyproxy networks, two services that did not start out as malicious but ended up being hijacked by criminals.
Chinese threat
5socks is a proxy service that offers a large pool of rotating proxies and HTTPS proxies. Its main use cases were web scraping, anonymity and bypassing geo-restrictions.
Anyproxy, on the other hand, is advertised as a lightweight HTTP/HTTPS proxy tool designed to debug and modify web traffic in real time. It was often used by developers and testers to intercept and analyze requests.
The FBI did not detail which groups of threat actors abused the two services, but it mentioned that the routers were targeted by “Chinese actors” interested in “establishing botnets to hide piracy on American critical infrastructure”.
According to the report, devices currently vulnerable to compromise include a number of Linksys and Cisco models:
E1200
E2500
E1000
E4200
E1500
E300
E3200
WRT320N
E1550
WRT610N
E100
M100
WRT310N
The agency has urged all users to disconnect and replace obsolete equipment as soon as possible. If they cannot do so, they should at least disable remote administration features and restart the affected devices to minimize the chances of compromise.
Routers, as the gateway for all Internet traffic on a network, are the first and most common target in a cyberattack.
Via BleepingComputer