Class Networks’ Good Practice Guide to re-set your Router against Cyber-Attacks

Protecting your Router

Thousands of routers have been affected by the Marai Worm this week. The attack started in the UK on Sunday 4 December and has resulted in thousands of people having their internet access cut. There hasn’t been any breach of personal data but it has resulted in loss of internet speed, the inability to surf the web and for some a lotal loss of internet access. Class Networks recommends you follow our good practice guidance to re-set your router helping to protect it against cyber-attacks.

The current outage started in Brazil and Germany, with Deutsche Telekom reporting that 900,000 customers had lost their internet connections. It involves a modified form of the Marai Worm – a type of malware that is spread via hijacked computers, which causes damage to equipment powered by Linux-based operating systems. It has co-opted routers from a few manufacturers, Zyxel (& Speedport) routers are currently the most co-opted router, although any router has a potential to be compromised, as the current internet security companies have not yet provided a complete list of routers with this flaw.

The effects of this issue, can range from poor internet speed, to being unable to surf the internet at all, however these have not yet been fully categorised. If you are a Class Networks customer experiencing these problems please contact Class Networks Support who will check your broadband service and confirm if it’s likely that you have a router problem.  In this case you should contact your IT support for help.

The general advice being provided here is good practice for any protecting router, but any customer who use a Zyxel router, should perform the following actions:

1. Disconnect from the phone line/internet.
2. Please call your IT service provider, who can provide additional advice and support.

If you do not have an IT service provider, here some guidelines.

1. Reboot Router – power off and on.

As some of the code used (in this exploit) is transient. On a reboot, this code should not be re-loaded. Although this is not always the case.

1. Refer to the router manual and Login to the router.

If you are unable to get in using the password that has been set previously. Please go to step #12

1. Change the admin password, to a more secure password.

password must meet the following criteria: more than 8 characters, including upper case, lower case, numbers & preferably another special character.

1. Backup the config of the router, and save it in a secure location.
2. Connect to the phone line/internet.
3. Browse to the router manufacturers website, and find the latest version of firmware for your specific model of router (the model number can usually be found on the underside of the router). Please ensure the date of the firmware on the manufacturers website is the latest. (Which should be no older than 2-3 weeks’ dependant on manufacturer).

e.g. Zyxel AMG1302-T10B – has a release date of 30 November 2016.

1. Upload the new firmware onto your router.
2. Reboot Router – power off and on.
3. Log back into the router and save a back-up configuration file.

Reset Router to Factory Defaults :

1. This is a last resort as the routers current configuration will be lost. The router may need additional configuration in order to operate as it did before. In this case consult with the person/organisation that configured the router for these details before resetting to factory defaults.
2. Ensure the router is disconnected from the phone line/internet.
3. Refer to the router manual and reset the router to factory default.

For most routers, pressing and holding the Reset button on the router for 30 seconds, should wipe all configuration details from the router. Please note this is dependent on router and manufacturer.

1. Login to the router, with the manufacturers default username and password.
2. Change the default admin password, please see point #5, above
3. Input into your router the internet access username and password provided by Class Networks. Contact Class Network Support if you need these details.
4. Connect to the internet, and browse to the manufacturer’s website, download the latest firmware for your router.

Please see points #8 to 10 above.

1. Upload this firmware to the router.
2. Add additional configuration details if required (this may be in the form of back-up configuration file, if one exists).
3. Reboot Router – power off and on.
4. Log back into the router and create a back-up configuration file.

If you would like to receive updates and information on IT Security, how to avoid cyber-attacks, general employee cyber security policy and much more, please contact nighat.mashhadi@classnetworks.com

Class Networks are a Certified Architect for installing Sophos Under Threat Management (UTM). Sophos products help secure the networks used by 100 million people in 150 countries and 100,000 businesses, including Pixar, Under Armour, Northrop Grumman, Xerox, Ford, Avis, and Toshiba.

Download the printer friendly version.

good-practice-guide-re-set-your-router-against-cyber-attacks-091216

It Security

Posted in News