GBHackers News reports that nearly 2,200 breached Cisco Small Business RV, Linksys LRT, and Araknis routers have shown spikes in illicit scanning activity since July 30.
According to the Shadowserver Foundation, the U.S. was most impacted by the malicious scanning, a reconnaissance effort in keeping with botnet operations, followed by India, Canada, Brazil, and Poland. Threat actors may be leveraging the hacked routers for port scans and service enumeration, which could later lead to aggressive vulnerability exploitation and credential-based intrusions, said researchers, who warned that compromised networking equipment could be used not only to create malicious infrastructure but also to enable the discovery of new targets. Organizations have been urged to bolster their edge devices' defenses against such a threat by conducting network equipment audits, tracking network traffic patterns, ensuring up-to-date router firmware, deactivating unneeded management interfaces, and replacing default admin credentials.




