The US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) are urging everyone to update and secure their network infrastructure devices. They reported this week that since at least 2015 Russia has been undertaking a concerted effort to compromise networking equipment (Wi-Fi routers, firewalls, etc.) and Internet of Things (IoT) devices (like smart refrigerators, smart thermostats and most anything else that’s called “smart” these days).
Their goal is more than just good old-fashioned spying. By compromising potentially millions of devices, Russia is creating a strategic foothold cross US networks that will allow them to launch dedicated denial of service attacks and steal intellectual property from within our borders. It’s easier to stop cyberattacks when they’re originating from a specific geographic area outside of the US, but if the attacks are coming from countless devices from within the US, it gets more difficult.
Seriously, update that router
So if you still haven’t taken the time to update your router and anything else in your home and business despite last year being an extremely active year marked by several attacks that exploit routers, take the time to do it now. There are some simple steps to updating you router and securing it with a password, that are sufficient for home offices and very small businesses. However, if you have any complexity past a single access point, you may run into trouble.
At this point I’d plug our services in that regard. Fixing a companies Wi-Fi network is one of the most satisfying things we do, because it’s a modest investment with huge payoffs. But that’s not what this article is about. It’s about appealing to you, the reader, to not just secure your Wi-Fi for your own sake (which can be an existential matter for a business) but do it for everyone’s sake. The more networks that Russia, or any hostile actor can compromise, the more destructive they can be. If your router is compromised, you may be paying the electric bill for what is essentially hostile foreign base of operations in a cyber war.
Rarely do we equate good IT practices with patriotic duty, but there it is.