Almost 75% neglect router security
Swiss users neglect the security of their router and thus expose themselves to a high risk of falling victim to cybercriminals: Passwords can be tapped and sensitive data stolen.
As a recent survey by Avast 73.5 percent of respondents in Switzerland have never logged into the web-based management interface of their router to change the factory settings. 20 percent say they have never changed the preset password. There is also still room for improvement in terms of update behavior: 55 percent of survey participants have never updated their router's firmware.
Various models affected
At the end of May, an estimated 700,000 routers worldwide were identified as vulnerable to malware that includes SSL stripping. Known as VPN filtering, this modular malware contains so-called "man-in-the-middle" (MITM) attack capabilities designed to infect traffic with malicious payloads. The malware is able to inspect incoming and outgoing traffic from its victim's network and steal passwords or other sensitive information. Currently, routers in 54 countries are affected, including models from Linksys, Netgear, D-Link, Huawei and Asus.
Furthermore, IT security experts have recently reported that the Satori botnet is spreading by exploiting a vulnerability in D-Link's DSL routers. Satori is a botnet that infects IoT devices and then uses them to perform DDoS attacks and mine cryptocurrencies, for example.
Important: Perform updates for routers
Avast's survey shows once again how cybercriminals can exploit users' ignorance about the security of their routers. More than half (51 percent) of respondents in Switzerland say they log into their router at most once a year or even less frequently to check for updates. 49 percent even say they had no idea their router even had firmware, the software embedded in the hardware, that requires regular updates and security updates.
"A user's local area network is only as strong as the weakest link in the chain, and often the router is the most vulnerable point," explains Martin Hron, Security Researcher at Avast. "The relevance of the router in terms of network security is often underestimated, yet it is undoubtedly the most important device, as it is the gateway to the Internet. Since many devices are connected to the router and all data is exchanged through it, as well as incoming and outgoing traffic, it is an attractive target for attack. If cybercriminals can gain access here, it is easy for them to tap into sensitive information such as access data for online banking or to hijack the connected IoT devices. To ensure a minimum level of security, users should change the default username and password when they first install their router and regularly update the firmware." Press release Avast
The survey was conducted in June 2018. In Switzerland, over 525 internet users took part.