“If a business is using one of these routers, they’re setting themselves up for attacks on their infrastructure,” said David Shipley of Beauceron Security. “Most likely, this will be small businesses without a firewall, and this could lead to things like ransomware attacks.”
Hackers can obfuscate their location, gain administrative access
The FBI’s FLASH advisory, a format used to quickly disseminate information about critical cybersecurity issues to security teams and system admins, explicitly calls out 13 Linksys, Cradlepoint, and Cisco models as being commonly hijacked. These include:
- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N
- Cradlepoint E100
- Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks.