Combatting the Volt Typhoon Campaign: Proactive Steps for Router Security

In light of recent cyber incidents, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a comprehensive guide to help owners of vulnerable routers bolster their protection. This advice is especially pertinent for home office workers and small to medium-sized businesses using outdated routers, which have been a primary target for “Volt Typhoon”, a hacking group backed by the Chinese government.

The hacking group has been exploiting these weak points to gain access to sensitive data and launch attacks on critical infrastructure, such as water treatment plants, power grids, and transportation systems. The manufacturers targeted by Volt Typhoon are known to be Cisco, Netgear, and D-Link, specifically older models that have been discontinued from sale.

To safeguard against such breaches, CISA and the FBI have recommended a set of defensive measures. These include applying patches to internet-facing systems, prioritizing fixes for critical vulnerabilities, and implementing phishing-resistant multifactor authentication (MFA). Additionally, owners of these routers are advised to enable logging for application access and security.

Specific router models identified as targets include Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras. CISA and the FBI have called on manufacturers to integrate robust security measures into the design, development, and maintenance processes of their routers to eradicate potential vulnerabilities.

Further recommendations for manufacturers include adjusting default configurations to automate security updates and requiring manual overrides when disabling security settings. Moreover, manufacturers are urged to limit access to the router’s web interface to devices connected to the local area network. Protecting your routers from hackers is imperative; staying vigilant and implementing these measures can significantly enhance your defense against potential cyber threats.