
Opinion: Router security leaving major cyber exposure gap

02 Nov 2018

Article by Tenable A/NZ country manager Bede Hackney

The security of networked devices is often an afterthought as organisations and consumers embrace IoT devices.

The importance of securing these less obvious, but highly risky, attack surfaces has been demonstrated over the past year: hackers exploited a security flaw in 200,000 MikroTik routers, allowing them to mine cryptocurrency, and the VPNFilter malware campaign targeted MikroTik routers, allowing cybercriminals to run code remotely.

Tenable Research recently revealed that it discovered several vulnerabilities in RouterOS, a proprietary operating system (OS) used in MikroTik routers, that hold the potential to expose hundreds of thousands of devices.

At the most critical level of these vulnerabilities, attackers can potentially gain full system access allowing them to modify and eavesdrop on network traffic.

This is particularly concerning when looking beyond the individual attacks to the broader impact.

Exploiting this router vulnerability could give attackers the power to access a victim’s entire internal network.

When users step up and secure their personal networks, they’re more likely to pay attention to the security of laptops and mobile devices, those considered to directly hold personal and valuable data, than to the security of routers.

Hardware is frequently tossed to one side upon installation and left to fester without security updates, leaving it exposed to outside threats and easy to manipulate.

The reality of modern computing is that every single piece of technology — from software to hardware — can broaden the cyber exposure gap.

Routers are easily exploited by hackers because they’re often left insecure by a lack of basic cyber hygiene.

Unfortunately, home and corporate routers alike are rarely patched, meaning the door is left wide open for cybercriminals.

On an individual level, the consequences could be tragic, such as lost or exposed personal data.

When it comes to the corporate world, the consequences could be business-critical, such as compromised customer data.

CISOs and business leaders need visibility into their entire attack surface - including overlooked devices like routers and IoT devices.
