GRU-funded hacking team Fancy Bear has been caught installing Moobot malware on "well over a thousand" unsecured home and business routers using the default admin password as the infection vector, says FBI Director Christopher Wray [h/t The Register].
Moobot was used to create a functional botnet of compromised routers that the GRU and Fancy Bear were using for undisclosed reasons, but the scale of the security breach isn't promising. The FBI acted to isolate and remove the malware from all infected units. The issue stems from a lack of cybersecurity basics (change the admin password unless you want someone else to change it for you) taught to the public. So, it's not quite like a hardware vulnerability that can't be fixed without revision.
As simple as the root of the issue was (unsecured default admin passwords), the extent of the Moobot malware infection required some pretty big technical steps from the FBI to remove it as a threat. First, they leveraged Moobot's functionality to copy and delete all malicious files, including itself, from the impacted routers. Then, they firewalled all the routers to prevent remote management access (and thus further hijacking) before scrubbing the router's data and inspecting the equipment.
Following the removal of the Moobot malware, the Feds returned the hardware to its original owners, albeit with their settings changes still applied. Users can reset the devices, but the Justice Department warned that "a factory reset that is not also accompanied by a change of the default administrator password will return the router to its default administrator credentials, leaving the router open to reinfection or similar compromises."
In today's era of international cyber attacks and data heists, it's prudent to change the default passwords on your network devices as soon as possible and to safely maintain and change your existing passwords as necessary. It's also a good idea to ensure that your router is running on current firmware that contains the latest security and performance updates. No one wants to unknowingly lose computational, network, or even financial resources to some foreign government, cybercriminal, or creepy neighbor if they can avoid it.
